Implement Federated PSL Matches in Native Backends

components/password_manager/core/browser/login_database.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/password_manager/core/browser/login_database.h"
 
 #include <stddef.h>
 #include <stdint.h>
 #include <algorithm>
 #include <limits>
@@ skipping 1065 matching lines @@
     std::string scheme = signon_realm.scheme();
     // We need to escape . in the scheme. Since the scheme has already been
     // sanitized using GURL, we do not need to escape any other characters.
     // The scheme soap.beep is an example with '.'.
     base::ReplaceChars(scheme, ".", "\\.", &scheme);
     const std::string port = signon_realm.port();
     // For a signon realm such as http://foo.bar/, this regexp will match
     // domains on the form http://foo.bar/, http://www.foo.bar/,
     // http://www.mobile.foo.bar/. It will not match http://notfoo.bar/.
     // The scheme and port has to be the same as the observed form.
     std::string regexp = "^(" + scheme + ":\\/\\/)([\\w-]+\\.)*" +

[jdoerrie, 2017/01/25 13:54:19]

Slightly offtopic: Should we make this less restrictive and allow other
characters in subdomains as well? Currently we would not include subdomains
containing the following characters: ~:/?#[]@!$&'()*,;= 

We are filtering later anyway, so there should be no risk in matching more URLs
here.

[vasilii, 2017/01/26 13:35:17]

If it means making the regex more difficult to read then the answer is not now
:-)
What we should double check is that non-latin domains are supported fine (e.g.
https://xn--f1ae4a2b.xn--p1ai/ in Punycode). But I just did it.

[jdoerrie, 2017/01/26 14:47:55]

Alright. It probably would actually simplify the regex, but there is no reason
to change it, if this is working properly.

                          registered_domain + "(:" + port + ")?\\/$";
     s.BindString(placeholder++, regexp);
 
     if (should_federated_apply) {
       // This regex matches any subdomain of |registered_domain|, in particular
       // it matches the empty subdomain. Hence exact domain matches are also
       // retrieved.
       s.BindString(placeholder++,
                    "^federation://([\\w-]+\\.)*" + registered_domain + "/.+$");

[jdoerrie, 2017/01/25 13:54:19]

Same as above.

     }
   } else if (should_federated_apply) {
     std::string expression =
         base::StringPrintf("federation://%s/%%", form.origin.host().c_str());
     s.BindString(placeholder++, expression);
   }
 
   if (!should_PSL_matching_apply && !should_federated_apply) {
     // Otherwise the histogram is reported in StatementToForms.
     UMA_HISTOGRAM_ENUMERATION("PasswordManager.PslDomainMatchTriggering",
@@ skipping 104 matching lines @@
   forms->clear();
   while (statement->Step()) {
     auto new_form = base::MakeUnique<PasswordForm>();
     EncryptionResult result =
         InitPasswordFormFromStatement(new_form.get(), *statement);
     if (result == ENCRYPTION_RESULT_SERVICE_FAILURE)
       return false;
     if (result == ENCRYPTION_RESULT_ITEM_FAILURE)
       continue;
     DCHECK_EQ(ENCRYPTION_RESULT_SUCCESS, result);
-    if (matched_form && matched_form->signon_realm != new_form->signon_realm) {
-      if (new_form->scheme != PasswordForm::SCHEME_HTML)
-        continue;  // Ignore non-HTML matches.
 
-      if (IsPublicSuffixDomainMatch(new_form->signon_realm,
-                                    matched_form->signon_realm)) {
-        psl_domain_match_metric = PSL_DOMAIN_MATCH_FOUND;
-        new_form->is_public_suffix_match = true;
-      } else if (!new_form->federation_origin.unique() &&
-                 IsFederatedMatch(new_form->signon_realm,
-                                  matched_form->origin)) {
-      } else if (!new_form->federation_origin.unique() &&
-                 IsFederatedPSLMatch(new_form->signon_realm,
-                                     matched_form->origin)) {
-        psl_domain_match_metric = PSL_DOMAIN_MATCH_FOUND_FEDERATED;
-        new_form->is_public_suffix_match = true;
-      } else {
-        continue;
+    if (matched_form) {
+      switch (GetMatchResult(*new_form, *matched_form)) {
+        case MatchResult::NO_MATCH:
+          continue;
+        case MatchResult::EXACT_MATCH:
+          break;
+        case MatchResult::PSL_MATCH:
+          psl_domain_match_metric = PSL_DOMAIN_MATCH_FOUND;
+          new_form->is_public_suffix_match = true;
+          break;
+        case MatchResult::FEDERATED_MATCH:
+          break;
+        case MatchResult::FEDERATED_PSL_MATCH:
+          psl_domain_match_metric = PSL_DOMAIN_MATCH_FOUND_FEDERATED;
+          new_form->is_public_suffix_match = true;
+          break;
       }
     }
+
     forms->push_back(std::move(new_form));
   }
 
   if (matched_form) {
     UMA_HISTOGRAM_ENUMERATION("PasswordManager.PslDomainMatchTriggering",
                               psl_domain_match_metric, PSL_DOMAIN_MATCH_COUNT);
   }
 
   if (!statement->Succeeded())
     return false;
@@ skipping 60 matching lines @@
   DCHECK(blacklisted_statement_.empty());
   blacklisted_statement_ =
       "SELECT " + all_column_names +
       " FROM logins WHERE blacklisted_by_user == ? ORDER BY origin_url";
   DCHECK(encrypted_statement_.empty());
   encrypted_statement_ =
       "SELECT password_value FROM logins WHERE " + all_unique_key_column_names;
 }
 
 }  // namespace password_manager