New encryption/escrow endpoints for Wallet

components/autofill/content/browser/wallet/wallet_client.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/content/browser/wallet/wallet_client.h"
 
 #include "base/bind.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
+#include "base/strings/stringprintf.h"
+#include "base/strings/utf_string_conversions.h"
 #include "components/autofill/content/browser/wallet/form_field_error.h"
 #include "components/autofill/content/browser/wallet/instrument.h"
 #include "components/autofill/content/browser/wallet/wallet_address.h"
 #include "components/autofill/content/browser/wallet/wallet_client_delegate.h"
 #include "components/autofill/content/browser/wallet/wallet_items.h"
 #include "components/autofill/content/browser/wallet/wallet_service_url.h"
 #include "components/autofill/core/browser/autofill_metrics.h"
 #include "crypto/random.h"
 #include "google_apis/google_api_keys.h"
+#include "net/base/escape.h"
 #include "net/http/http_status_code.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_context_getter.h"
 
 namespace autofill {
 namespace wallet {
 
 namespace {
 
+const char kFormEncodedMimeType[] = "application/x-www-form-urlencoded";
 const char kJsonMimeType[] = "application/json";
+const char kEscrowSensitiveInformationFormat[] =
+    "request_content_type=application/json&request=%s&cvn=%s&card_number=%s";
+const char kGetFullWalletRequestFormat[] =
+    "request_content_type=application/json&request=%s&otp=%s:%s";
 const size_t kOneTimePadLength = 6;
 
+// The maximum number of bits in the one time pad that the server is willing to
+// accept.
+const size_t kMaxBits = 56;
+
+// The minimum number of bits in the one time pad that the server is willing to
+// accept.
+const size_t kMinBits = 40;
+
 std::string AutocheckoutStatusToString(AutocheckoutStatus status) {
   switch (status) {
     case MISSING_FIELDMAPPING:
       return "MISSING_FIELDMAPPING";
     case MISSING_ADVANCE:
       return "MISSING_ADVANCE";
     case MISSING_CLICK_ELEMENT_BEFORE_FORM_FILLING:
       return "MISSING_CLICK_ELEMENT_BEFORE_FORM_FILLING";
     case MISSING_CLICK_ELEMENT_AFTER_FORM_FILLING:
       return "MISSING_CLICK_ELEMENT_AFTER_FORM_FILLING";
@@ skipping 189 matching lines @@
     const std::string& google_transaction_id,
     const std::vector<RiskCapability> risk_capabilities)
     : instrument_id(instrument_id),
       address_id(address_id),
       source_url(source_url),
       google_transaction_id(google_transaction_id),
       risk_capabilities(risk_capabilities) {}
 
 WalletClient::FullWalletRequest::~FullWalletRequest() {}
 
-WalletClient::UpdateInstrumentRequest::UpdateInstrumentRequest(
-    const std::string& instrument_id,
-    const GURL& source_url)
-    : instrument_id(instrument_id),
-      expiration_month(0),
-      expiration_year(0),
-      source_url(source_url) {}
-
-WalletClient::UpdateInstrumentRequest::~UpdateInstrumentRequest() {}
-
 WalletClient::WalletClient(net::URLRequestContextGetter* context_getter,
                            WalletClientDelegate* delegate)
     : context_getter_(context_getter),
       delegate_(delegate),
       request_type_(NO_PENDING_REQUEST),
-      one_time_pad_(kOneTimePadLength),
-      encryption_escrow_client_(context_getter, this) {
+      one_time_pad_(kOneTimePadLength) {
   DCHECK(context_getter_.get());
   DCHECK(delegate_);
 }
 
 WalletClient::~WalletClient() {}
 
 void WalletClient::AcceptLegalDocuments(
     const std::vector<WalletItems::LegalDocument*>& documents,
     const std::string& google_transaction_id,
     const GURL& source_url) {
   if (documents.empty())
     return;
 
   std::vector<std::string> document_ids;
   for (size_t i = 0; i < documents.size(); ++i) {
     document_ids.push_back(documents[i]->id());
   }
   DoAcceptLegalDocuments(document_ids, google_transaction_id, source_url);
 }
 
 void WalletClient::AuthenticateInstrument(
     const std::string& instrument_id,
-    const std::string& card_verification_number,
-    const std::string& obfuscated_gaia_id) {
+    const std::string& card_verification_number) {
   if (HasRequestInProgress()) {
     pending_requests_.push(base::Bind(&WalletClient::AuthenticateInstrument,
                                       base::Unretained(this),
                                       instrument_id,
-                                      card_verification_number,
-                                      obfuscated_gaia_id));
+                                      card_verification_number));
     return;
   }
 
   DCHECK_EQ(NO_PENDING_REQUEST, request_type_);
-  DCHECK(pending_request_body_.empty());
   request_type_ = AUTHENTICATE_INSTRUMENT;
 
-  pending_request_body_.SetString(kApiKeyKey, google_apis::GetAPIKey());
-  pending_request_body_.SetString(kRiskParamsKey, delegate_->GetRiskData());
-  pending_request_body_.SetString(kInstrumentIdKey, instrument_id);
+  base::DictionaryValue request_dict;
+  request_dict.SetString(kApiKeyKey, google_apis::GetAPIKey());
+  request_dict.SetString(kRiskParamsKey, delegate_->GetRiskData());
+  request_dict.SetString(kInstrumentIdKey, instrument_id);
 
-  encryption_escrow_client_.EscrowCardVerificationNumber(
-      card_verification_number, obfuscated_gaia_id);
+  std::string json_payload;
+  base::JSONWriter::Write(&request_dict, &json_payload);
+
+  std::string escaped_card_verification_number = net::EscapeUrlEncodedData(
+      card_verification_number, true);
+
+  std::string post_body = base::StringPrintf(
+      kEscrowSensitiveInformationFormat,
+      net::EscapeUrlEncodedData(json_payload, true).c_str(),
+      escaped_card_verification_number.c_str(),
+      std::string().c_str());
+
+  MakeWalletRequest(GetAuthenticateInstrumentUrl(),
+                    post_body,
+                    kFormEncodedMimeType);
 }
 
 void WalletClient::GetFullWallet(const FullWalletRequest& full_wallet_request) {
   if (HasRequestInProgress()) {
     pending_requests_.push(base::Bind(&WalletClient::GetFullWallet,
                                       base::Unretained(this),
                                       full_wallet_request));
     return;
   }
 
   DCHECK_EQ(NO_PENDING_REQUEST, request_type_);
-  DCHECK(pending_request_body_.empty());
   request_type_ = GET_FULL_WALLET;
 
-  pending_request_body_.SetString(kApiKeyKey, google_apis::GetAPIKey());
-  pending_request_body_.SetString(kRiskParamsKey, delegate_->GetRiskData());
-  pending_request_body_.SetString(kSelectedInstrumentIdKey,
-                                  full_wallet_request.instrument_id);
-  pending_request_body_.SetString(kSelectedAddressIdKey,
-                                  full_wallet_request.address_id);
-  pending_request_body_.SetString(
+  base::DictionaryValue request_dict;
+  request_dict.SetString(kApiKeyKey, google_apis::GetAPIKey());
+  request_dict.SetString(kRiskParamsKey, delegate_->GetRiskData());
+  request_dict.SetString(kSelectedInstrumentIdKey,
+                         full_wallet_request.instrument_id);
+  request_dict.SetString(kSelectedAddressIdKey, full_wallet_request.address_id);
+  request_dict.SetString(
       kMerchantDomainKey,
       full_wallet_request.source_url.GetWithEmptyPath().spec());
-  pending_request_body_.SetString(kGoogleTransactionIdKey,
-                                  full_wallet_request.google_transaction_id);
-  pending_request_body_.SetString(
-      kFeatureKey,
-      DialogTypeToFeatureString(delegate_->GetDialogType()));
+  request_dict.SetString(kGoogleTransactionIdKey,
+                         full_wallet_request.google_transaction_id);
+  request_dict.SetString(kFeatureKey,
+                         DialogTypeToFeatureString(delegate_->GetDialogType()));
 
   scoped_ptr<base::ListValue> risk_capabilities_list(new base::ListValue());
   for (std::vector<RiskCapability>::const_iterator it =
            full_wallet_request.risk_capabilities.begin();
        it != full_wallet_request.risk_capabilities.end();
        ++it) {
     risk_capabilities_list->AppendString(RiskCapabilityToString(*it));
   }
-  pending_request_body_.Set(kRiskCapabilitiesKey,
-                            risk_capabilities_list.release());
+  request_dict.Set(kRiskCapabilitiesKey, risk_capabilities_list.release());
+
+  std::string json_payload;
+  base::JSONWriter::Write(&request_dict, &json_payload);
 
   crypto::RandBytes(&(one_time_pad_[0]), one_time_pad_.size());
-  encryption_escrow_client_.EncryptOneTimePad(one_time_pad_);
+
+  size_t num_bits = one_time_pad_.size() * 8;
+  DCHECK_LE(num_bits, kMaxBits);
+  DCHECK_GE(num_bits, kMinBits);
+
+  std::string post_body = base::StringPrintf(
+      kGetFullWalletRequestFormat,
+      net::EscapeUrlEncodedData(json_payload, true).c_str(),
+      base::HexEncode(&num_bits, 1).c_str(),
+      base::HexEncode(&(one_time_pad_[0]), one_time_pad_.size()).c_str());
+
+  MakeWalletRequest(GetGetFullWalletUrl(), post_body, kFormEncodedMimeType);
 }
 
-void WalletClient::GetWalletItems(const GURL& source_url) {
+void WalletClient::SaveToWallet(scoped_ptr<Instrument> instrument,
+                                scoped_ptr<Address> address,
+                                const GURL& source_url) {
+  DCHECK(instrument || address);
   if (HasRequestInProgress()) {
-    pending_requests_.push(base::Bind(&WalletClient::GetWalletItems,
+    pending_requests_.push(base::Bind(&WalletClient::SaveToWallet,
                                       base::Unretained(this),
+                                      base::Passed(&instrument),
+                                      base::Passed(&address),
                                       source_url));
     return;
   }
 
   DCHECK_EQ(NO_PENDING_REQUEST, request_type_);
-  request_type_ = GET_WALLET_ITEMS;
+  request_type_ = SAVE_TO_WALLET;

[Dan Beam, 2013/07/02 21:03:11]

this could maybe be made into a helper function

[ahutter, 2013/07/02 21:15:56]

Like a SetRequestType function? or am I missing something?

[Dan Beam, 2013/07/02 21:17:46]

yes

 
   base::DictionaryValue request_dict;
   request_dict.SetString(kApiKeyKey, google_apis::GetAPIKey());
-  request_dict.SetString(kMerchantDomainKey,
-                         source_url.GetWithEmptyPath().spec());
-
-  std::string post_body;
-  base::JSONWriter::Write(&request_dict, &post_body);
-
-  MakeWalletRequest(GetGetWalletItemsUrl(), post_body);
-}
-
-void WalletClient::SaveAddress(const Address& shipping_address,
-                               const GURL& source_url) {
-  if (HasRequestInProgress()) {
-    pending_requests_.push(base::Bind(&WalletClient::SaveAddress,
-                                      base::Unretained(this),
-                                      shipping_address,
-                                      source_url));
-    return;
-  }
-
-  DCHECK_EQ(NO_PENDING_REQUEST, request_type_);
-  request_type_ = SAVE_ADDRESS;
-
-  base::DictionaryValue request_dict;
-  request_dict.SetString(kApiKeyKey, google_apis::GetAPIKey());
   request_dict.SetString(kRiskParamsKey, delegate_->GetRiskData());
   request_dict.SetString(kMerchantDomainKey,
                          source_url.GetWithEmptyPath().spec());
 
-  request_dict.Set(kShippingAddressKey,
-                   shipping_address.ToDictionaryWithID().release());
+  std::string primary_account_number;
+  std::string card_verification_number;
+  if (instrument) {
+    primary_account_number = net::EscapeUrlEncodedData(
+        UTF16ToUTF8(instrument->primary_account_number()), true);
+    card_verification_number = net::EscapeUrlEncodedData(
+        UTF16ToUTF8(instrument->card_verification_number()), true);

[Dan Beam, 2013/07/02 21:03:11]

nit: \n

[ahutter, 2013/07/02 21:15:56]

Done.

+    if (instrument->object_id().empty()) {
+      request_dict.Set(kInstrumentKey, instrument->ToDictionary().release());
+      request_dict.SetString(kInstrumentPhoneNumberKey,
+                             instrument->address()->phone_number());
+    } else {
+      DCHECK(instrument->address() ||
+             (instrument->expiration_month() > 0 &&
+              instrument->expiration_year() > 0));
 
-  std::string post_body;
-  base::JSONWriter::Write(&request_dict, &post_body);
+      request_dict.SetString(kUpgradedInstrumentIdKey,
+                             instrument->object_id());
 
-  MakeWalletRequest(GetSaveToWalletUrl(), post_body);
+      if (instrument->address()) {
+        request_dict.SetString(kInstrumentPhoneNumberKey,
+                               instrument->address()->phone_number());
+        request_dict.Set(
+            kUpgradedBillingAddressKey,
+            instrument->address()->ToDictionaryWithoutID().release());
+      }
+
+      if (instrument->expiration_month() > 0 &&
+          instrument->expiration_year() > 0) {
+        DCHECK(!instrument->card_verification_number().empty());
+        request_dict.SetInteger(kInstrumentExpMonthKey,
+                                instrument->expiration_month());
+        request_dict.SetInteger(kInstrumentExpYearKey,
+                                instrument->expiration_year());
+      }
+
+      if (request_dict.HasKey(kInstrumentKey))
+        request_dict.SetString(kInstrumentType, "CREDIT_CARD");
+    }
+  }
+  if (address) {
+    request_dict.Set(kShippingAddressKey,
+                     address->ToDictionaryWithID().release());
+  }
+

[Dan Beam, 2013/07/02 21:03:11]

^H

[ahutter, 2013/07/02 21:15:56]

Done.

+
+  std::string json_payload;
+  base::JSONWriter::Write(&request_dict, &json_payload);
+
+  std::string post_body = base::StringPrintf(
+      kEscrowSensitiveInformationFormat,
+      net::EscapeUrlEncodedData(json_payload, true).c_str(),
+      card_verification_number.c_str(),
+      primary_account_number.c_str());
+
+  MakeWalletRequest(GetSaveToWalletUrl(), post_body, kFormEncodedMimeType);
 }
 
-void WalletClient::SaveInstrument(
-    const Instrument& instrument,
-    const std::string& obfuscated_gaia_id,
-    const GURL& source_url) {
+void WalletClient::GetWalletItems(const GURL& source_url) {
   if (HasRequestInProgress()) {
-    pending_requests_.push(base::Bind(&WalletClient::SaveInstrument,
+    pending_requests_.push(base::Bind(&WalletClient::GetWalletItems,
                                       base::Unretained(this),
-                                      instrument,
-                                      obfuscated_gaia_id,
                                       source_url));
     return;
   }
 
   DCHECK_EQ(NO_PENDING_REQUEST, request_type_);
-  DCHECK(pending_request_body_.empty());
-  request_type_ = SAVE_INSTRUMENT;
+  request_type_ = GET_WALLET_ITEMS;
 
-  pending_request_body_.SetString(kApiKeyKey, google_apis::GetAPIKey());
-  pending_request_body_.SetString(kRiskParamsKey, delegate_->GetRiskData());
-  pending_request_body_.SetString(kMerchantDomainKey,
-                                  source_url.GetWithEmptyPath().spec());
+  base::DictionaryValue request_dict;
+  request_dict.SetString(kApiKeyKey, google_apis::GetAPIKey());
+  request_dict.SetString(kMerchantDomainKey,
+                         source_url.GetWithEmptyPath().spec());
 
-  pending_request_body_.Set(kInstrumentKey,
-                            instrument.ToDictionary().release());
-  pending_request_body_.SetString(kInstrumentPhoneNumberKey,
-                                  instrument.address().phone_number());
+  std::string post_body;
+  base::JSONWriter::Write(&request_dict, &post_body);
 
-  encryption_escrow_client_.EscrowInstrumentInformation(instrument,
-                                                        obfuscated_gaia_id);
-}
-
-void WalletClient::SaveInstrumentAndAddress(
-    const Instrument& instrument,
-    const Address& address,
-    const std::string& obfuscated_gaia_id,
-    const GURL& source_url) {
-  if (HasRequestInProgress()) {
-    pending_requests_.push(base::Bind(&WalletClient::SaveInstrumentAndAddress,
-                                      base::Unretained(this),
-                                      instrument,
-                                      address,
-                                      obfuscated_gaia_id,
-                                      source_url));
-    return;
-  }
-
-  DCHECK_EQ(NO_PENDING_REQUEST, request_type_);
-  DCHECK(pending_request_body_.empty());
-  request_type_ = SAVE_INSTRUMENT_AND_ADDRESS;
-
-  pending_request_body_.SetString(kApiKeyKey, google_apis::GetAPIKey());
-  pending_request_body_.SetString(kRiskParamsKey, delegate_->GetRiskData());
-  pending_request_body_.SetString(kMerchantDomainKey,
-                                  source_url.GetWithEmptyPath().spec());
-
-  pending_request_body_.Set(kInstrumentKey,
-                            instrument.ToDictionary().release());
-  pending_request_body_.SetString(kInstrumentPhoneNumberKey,
-                              instrument.address().phone_number());
-
-  pending_request_body_.Set(kShippingAddressKey,
-                        address.ToDictionaryWithID().release());
-
-  encryption_escrow_client_.EscrowInstrumentInformation(instrument,
-                                                        obfuscated_gaia_id);
+  MakeWalletRequest(GetGetWalletItemsUrl(), post_body, kJsonMimeType);
 }
 
 void WalletClient::SendAutocheckoutStatus(
     AutocheckoutStatus status,
     const GURL& source_url,
     const std::vector<AutocheckoutStatistic>& latency_statistics,
     const std::string& google_transaction_id) {
   DVLOG(1) << "Sending Autocheckout Status: " << status
            << " for: " << source_url;
   if (HasRequestInProgress()) {
@@ skipping 25 matching lines @@
           latency_statistics[i].ToDictionary().release());
     }
     request_dict.Set(kAutocheckoutStepsKey,
                      latency_statistics_json.release());
   }
   request_dict.SetString(kGoogleTransactionIdKey, google_transaction_id);
 
   std::string post_body;
   base::JSONWriter::Write(&request_dict, &post_body);
 
-  MakeWalletRequest(GetSendStatusUrl(), post_body);
-}
-
-void WalletClient::UpdateAddress(const Address& address,
-                                 const GURL& source_url) {
-  if (HasRequestInProgress()) {
-    pending_requests_.push(base::Bind(&WalletClient::UpdateAddress,
-                                      base::Unretained(this),
-                                      address,
-                                      source_url));
-    return;
-  }
-
-  DCHECK_EQ(NO_PENDING_REQUEST, request_type_);
-  request_type_ = UPDATE_ADDRESS;
-
-  base::DictionaryValue request_dict;
-  request_dict.SetString(kApiKeyKey, google_apis::GetAPIKey());
-  request_dict.SetString(kRiskParamsKey, delegate_->GetRiskData());
-  request_dict.SetString(kMerchantDomainKey,
-                         source_url.GetWithEmptyPath().spec());
-
-  request_dict.Set(kShippingAddressKey,
-                   address.ToDictionaryWithID().release());
-
-  std::string post_body;
-  base::JSONWriter::Write(&request_dict, &post_body);
-
-  MakeWalletRequest(GetSaveToWalletUrl(), post_body);
-}
-
-void WalletClient::UpdateInstrument(
-    const UpdateInstrumentRequest& update_instrument_request,
-    scoped_ptr<Address> billing_address) {
-  if (HasRequestInProgress()) {
-    pending_requests_.push(base::Bind(&WalletClient::UpdateInstrument,
-                                      base::Unretained(this),
-                                      update_instrument_request,
-                                      base::Passed(&billing_address)));
-    return;
-  }
-
-  DCHECK_EQ(NO_PENDING_REQUEST, request_type_);
-  DCHECK(pending_request_body_.empty());
-  DCHECK(update_instrument_request.card_verification_number.empty() ==
-         update_instrument_request.obfuscated_gaia_id.empty());
-  DCHECK(billing_address ||
-         (update_instrument_request.expiration_month > 0 &&
-          update_instrument_request.expiration_year > 0));
-
-  request_type_ = UPDATE_INSTRUMENT;
-
-  base::DictionaryValue* active_request_body;
-  base::DictionaryValue request_dict;
-  if (update_instrument_request.card_verification_number.empty())
-    active_request_body = &request_dict;
-  else
-    active_request_body = &pending_request_body_;
-
-  active_request_body->SetString(kApiKeyKey, google_apis::GetAPIKey());
-  active_request_body->SetString(kRiskParamsKey, delegate_->GetRiskData());
-  active_request_body->SetString(
-      kMerchantDomainKey,
-      update_instrument_request.source_url.GetWithEmptyPath().spec());
-
-  active_request_body->SetString(kUpgradedInstrumentIdKey,
-                                 update_instrument_request.instrument_id);
-
-  if (billing_address) {
-    active_request_body->SetString(kInstrumentPhoneNumberKey,
-                                   billing_address->phone_number());
-    active_request_body->Set(
-        kUpgradedBillingAddressKey,
-        billing_address->ToDictionaryWithoutID().release());
-  }
-
-  if (update_instrument_request.expiration_month > 0 &&
-      update_instrument_request.expiration_year > 0) {
-    DCHECK(!update_instrument_request.card_verification_number.empty());
-    active_request_body->SetInteger(
-        kInstrumentExpMonthKey,
-        update_instrument_request.expiration_month);
-    active_request_body->SetInteger(kInstrumentExpYearKey,
-                                    update_instrument_request.expiration_year);
-  }
-
-  if (active_request_body->HasKey(kInstrumentKey))
-    active_request_body->SetString(kInstrumentType, "CREDIT_CARD");
-
-  if (update_instrument_request.card_verification_number.empty()) {
-    std::string post_body;
-    base::JSONWriter::Write(active_request_body, &post_body);
-    MakeWalletRequest(GetSaveToWalletUrl(), post_body);
-  } else {
-    encryption_escrow_client_.EscrowCardVerificationNumber(
-        update_instrument_request.card_verification_number,
-        update_instrument_request.obfuscated_gaia_id);
-  }
+  MakeWalletRequest(GetSendStatusUrl(), post_body, kJsonMimeType);
 }
 
 bool WalletClient::HasRequestInProgress() const {
-  // |SaveInstrument*()| and |UpdateInstrument()| methods don't set |request_|
-  // until sensitive info has been escrowed, so this class is considered to have
-  // a request in progress if |encryption_escrow_client_| is working as well.
-  return request_ || encryption_escrow_client_.HasRequestInProgress();
+  return request_;
 }
 
 void WalletClient::CancelRequests() {
-  encryption_escrow_client_.CancelRequest();
-  pending_request_body_.Clear();
   request_.reset();
   request_type_ = NO_PENDING_REQUEST;
   while (!pending_requests_.empty()) {
     pending_requests_.pop();
   }
 }
 
 void WalletClient::DoAcceptLegalDocuments(
     const std::vector<std::string>& document_ids,
     const std::string& google_transaction_id,
@@ skipping 19 matching lines @@
   for (std::vector<std::string>::const_iterator it = document_ids.begin();
        it != document_ids.end(); ++it) {
     if (!it->empty())
       docs_list->AppendString(*it);
   }
   request_dict.Set(kAcceptedLegalDocumentKey, docs_list.release());
 
   std::string post_body;
   base::JSONWriter::Write(&request_dict, &post_body);
 
-  MakeWalletRequest(GetAcceptLegalDocumentsUrl(), post_body);
+  MakeWalletRequest(GetAcceptLegalDocumentsUrl(), post_body, kJsonMimeType);
 }
 
 void WalletClient::MakeWalletRequest(const GURL& url,
-                                     const std::string& post_body) {
+                                     const std::string& post_body,
+                                     const std::string& mime_type) {
   DCHECK(!HasRequestInProgress());
 
   request_.reset(net::URLFetcher::Create(
       0, url, net::URLFetcher::POST, this));
   request_->SetRequestContext(context_getter_.get());
   DVLOG(1) << "Making request to " << url << " with post_body=" << post_body;
-  request_->SetUploadData(kJsonMimeType, post_body);
+  request_->SetUploadData(mime_type, post_body);
   request_started_timestamp_ = base::Time::Now();
   request_->Start();
 
   delegate_->GetMetricLogger().LogWalletErrorMetric(
       delegate_->GetDialogType(),
       AutofillMetrics::WALLET_ERROR_BASELINE_ISSUED_REQUEST);
   delegate_->GetMetricLogger().LogWalletRequiredActionMetric(
       delegate_->GetDialogType(),
       AutofillMetrics::WALLET_REQUIRED_ACTION_BASELINE_ISSUED_REQUEST);
 }
@@ skipping 104 matching lines @@
           WalletItems::CreateWalletItems(*response_dict));
       if (wallet_items) {
         LogRequiredActions(wallet_items->required_actions());
         delegate_->OnDidGetWalletItems(wallet_items.Pass());
       } else {
         HandleMalformedResponse();
       }
       break;
     }
 
-    case SAVE_ADDRESS: {
-      std::string shipping_address_id;
-      std::vector<RequiredAction> required_actions;
-      GetRequiredActionsForSaveToWallet(*response_dict, &required_actions);
-      std::vector<FormFieldError> form_errors;
-      GetFormFieldErrors(*response_dict, &form_errors);
-      if (response_dict->GetString(kShippingAddressIdKey,
-                                   &shipping_address_id) ||
-          !required_actions.empty()) {
-        LogRequiredActions(required_actions);
-        delegate_->OnDidSaveAddress(shipping_address_id,
-                                    required_actions,
-                                    form_errors);
-      } else {
-        HandleMalformedResponse();
-      }
-      break;
-    }
-
-    case SAVE_INSTRUMENT: {
-      std::string instrument_id;
-      std::vector<RequiredAction> required_actions;
-      GetRequiredActionsForSaveToWallet(*response_dict, &required_actions);
-      std::vector<FormFieldError> form_errors;
-      GetFormFieldErrors(*response_dict, &form_errors);
-      if (response_dict->GetString(kInstrumentIdKey, &instrument_id) ||
-          !required_actions.empty()) {
-        LogRequiredActions(required_actions);
-        delegate_->OnDidSaveInstrument(instrument_id,
-                                       required_actions,
-                                       form_errors);
-      } else {
-        HandleMalformedResponse();
-      }
-      break;
-    }
-
-    case SAVE_INSTRUMENT_AND_ADDRESS: {
+    case SAVE_TO_WALLET: {
       std::string instrument_id;
       response_dict->GetString(kInstrumentIdKey, &instrument_id);
       std::string shipping_address_id;
       response_dict->GetString(kShippingAddressIdKey,
                                &shipping_address_id);
       std::vector<RequiredAction> required_actions;
       GetRequiredActionsForSaveToWallet(*response_dict, &required_actions);
       std::vector<FormFieldError> form_errors;
       GetFormFieldErrors(*response_dict, &form_errors);
-      if ((!instrument_id.empty() && !shipping_address_id.empty()) ||
-          !required_actions.empty()) {
+      if (instrument_id.empty() && shipping_address_id.empty() &&
+          required_actions.empty()) {
+        HandleMalformedResponse();
+      } else {
         LogRequiredActions(required_actions);
-        delegate_->OnDidSaveInstrumentAndAddress(instrument_id,
-                                                 shipping_address_id,
-                                                 required_actions,
-                                                 form_errors);
-      } else {
-        HandleMalformedResponse();
+        delegate_->OnDidSaveToWallet(instrument_id,
+                                     shipping_address_id,
+                                     required_actions,
+                                     form_errors);
       }
       break;
     }
-
-    case UPDATE_ADDRESS: {
-      std::string address_id;
-      std::vector<RequiredAction> required_actions;
-      GetRequiredActionsForSaveToWallet(*response_dict, &required_actions);
-      std::vector<FormFieldError> form_errors;
-      GetFormFieldErrors(*response_dict, &form_errors);
-      if (response_dict->GetString(kShippingAddressIdKey, &address_id) ||
-          !required_actions.empty()) {
-        LogRequiredActions(required_actions);
-        delegate_->OnDidUpdateAddress(address_id,
-                                      required_actions,
-                                      form_errors);
-      } else {
-        HandleMalformedResponse();
-      }
-      break;
-    }
-
-    case UPDATE_INSTRUMENT: {
-      std::string instrument_id;
-      std::vector<RequiredAction> required_actions;
-      GetRequiredActionsForSaveToWallet(*response_dict, &required_actions);
-      std::vector<FormFieldError> form_errors;
-      GetFormFieldErrors(*response_dict, &form_errors);
-      if (response_dict->GetString(kInstrumentIdKey, &instrument_id) ||
-          !required_actions.empty()) {
-        LogRequiredActions(required_actions);
-        delegate_->OnDidUpdateInstrument(instrument_id,
-                                         required_actions,
-                                         form_errors);
-      } else {
-        HandleMalformedResponse();
-      }
-      break;
-    }
 
     case NO_PENDING_REQUEST:
       NOTREACHED();
   }
 
   request_.reset();
   StartNextPendingRequest();
 }
 
 void WalletClient::StartNextPendingRequest() {
@@ skipping 10 matching lines @@
   request_->ReceivedContentWasMalformed();
   HandleWalletError(MALFORMED_RESPONSE);
 }
 
 void WalletClient::HandleWalletError(WalletClient::ErrorType error_type) {
   delegate_->OnWalletError(error_type);
   delegate_->GetMetricLogger().LogWalletErrorMetric(
       delegate_->GetDialogType(), ErrorTypeToUmaMetric(error_type));
 }
 
-void WalletClient::OnDidEncryptOneTimePad(
-    const std::string& encrypted_one_time_pad,
-    const std::string& session_material) {
-  DCHECK_EQ(GET_FULL_WALLET, request_type_);
-  pending_request_body_.SetString(kEncryptedOtpKey, encrypted_one_time_pad);
-  pending_request_body_.SetString(kSessionMaterialKey, session_material);
-
-  std::string post_body;
-  base::JSONWriter::Write(&pending_request_body_, &post_body);
-  pending_request_body_.Clear();
-
-  MakeWalletRequest(GetGetFullWalletUrl(), post_body);
-}
-
-void WalletClient::OnDidEscrowInstrumentInformation(
-    const std::string& escrow_handle) {
-  DCHECK(request_type_ == SAVE_INSTRUMENT ||
-         request_type_ == SAVE_INSTRUMENT_AND_ADDRESS);
-
-  pending_request_body_.SetString(kInstrumentEscrowHandleKey, escrow_handle);
-
-  std::string post_body;
-  base::JSONWriter::Write(&pending_request_body_, &post_body);
-  pending_request_body_.Clear();
-
-  MakeWalletRequest(GetSaveToWalletUrl(), post_body);
-}
-
-void WalletClient::OnDidEscrowCardVerificationNumber(
-    const std::string& escrow_handle) {
-  DCHECK(request_type_ == AUTHENTICATE_INSTRUMENT ||
-         request_type_ == UPDATE_INSTRUMENT);
-  pending_request_body_.SetString(kInstrumentEscrowHandleKey, escrow_handle);
-
-  std::string post_body;
-  base::JSONWriter::Write(&pending_request_body_, &post_body);
-  pending_request_body_.Clear();
-
-  if (request_type_ == AUTHENTICATE_INSTRUMENT)
-    MakeWalletRequest(GetAuthenticateInstrumentUrl(), post_body);
-  else
-    MakeWalletRequest(GetSaveToWalletUrl(), post_body);
-}
-
-void WalletClient::OnDidMakeRequest() {
-  delegate_->GetMetricLogger().LogWalletErrorMetric(
-      delegate_->GetDialogType(),
-      AutofillMetrics::WALLET_ERROR_BASELINE_ISSUED_REQUEST);
-}
-
-void WalletClient::OnNetworkError() {
-  HandleWalletError(NETWORK_ERROR);
-}
-
-void WalletClient::OnMalformedResponse() {
-  HandleWalletError(MALFORMED_RESPONSE);
-}
-
 // Logs an UMA metric for each of the |required_actions|.
 void WalletClient::LogRequiredActions(
     const std::vector<RequiredAction>& required_actions) const {
   for (size_t i = 0; i < required_actions.size(); ++i) {
     delegate_->GetMetricLogger().LogWalletRequiredActionMetric(
         delegate_->GetDialogType(),
         RequiredActionToUmaMetric(required_actions[i]));
   }
 }
 
 AutofillMetrics::WalletApiCallMetric WalletClient::RequestTypeToUmaMetric(
     RequestType request_type) const {
   switch (request_type) {
     case ACCEPT_LEGAL_DOCUMENTS:
       return AutofillMetrics::ACCEPT_LEGAL_DOCUMENTS;
     case AUTHENTICATE_INSTRUMENT:
       return AutofillMetrics::AUTHENTICATE_INSTRUMENT;
     case GET_FULL_WALLET:
       return AutofillMetrics::GET_FULL_WALLET;
     case GET_WALLET_ITEMS:
       return AutofillMetrics::GET_WALLET_ITEMS;
-    case SAVE_ADDRESS:
-      return AutofillMetrics::SAVE_ADDRESS;
-    case SAVE_INSTRUMENT:
-      return AutofillMetrics::SAVE_INSTRUMENT;
-    case SAVE_INSTRUMENT_AND_ADDRESS:
-      return AutofillMetrics::SAVE_INSTRUMENT_AND_ADDRESS;
+    case SAVE_TO_WALLET:
+      return AutofillMetrics::SAVE_TO_WALLET;
     case SEND_STATUS:
       return AutofillMetrics::SEND_STATUS;
-    case UPDATE_ADDRESS:
-      return AutofillMetrics::UPDATE_ADDRESS;
-    case UPDATE_INSTRUMENT:
-      return AutofillMetrics::UPDATE_INSTRUMENT;
     case NO_PENDING_REQUEST:
       NOTREACHED();
       return AutofillMetrics::UNKNOWN_API_CALL;
   }
 
   NOTREACHED();
   return AutofillMetrics::UNKNOWN_API_CALL;
 }
 
 }  // namespace wallet
 }  // namespace autofill