search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cygprofile: increase timeouts to allow showing web contents
[chromium-blink-merge.git] / components / password_manager / core / browser / affiliation_utils.cc
blob059d5f8b535f45df5491c2800641b88756dc9c7c
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/password_manager/core/browser/affiliation_utils.h"
6
7 #include <algorithm>
8 #include <ostream>
9
10 #include "base/base64.h"
11 #include "base/command_line.h"
12 #include "base/metrics/field_trial.h"
13 #include "base/strings/string_piece.h"
14 #include "base/strings/string_util.h"
15 #include "components/autofill/core/common/password_form.h"
16 #include "components/password_manager/core/common/password_manager_switches.h"
17 #include "components/url_formatter/url_formatter.h"
18 #include "components/variations/variations_associated_data.h"
19 #include "net/base/escape.h"
20 #include "url/third_party/mozilla/url_parse.h"
21 #include "url/url_canon_stdstring.h"
22
23 namespace password_manager {
24
25 namespace {
26
27 // The scheme used for identifying Android applications.
28 const char kAndroidAppScheme[] = "android";
29
30 // The name of the field trial controlling affiliation-based matching.
31 const char kFieldTrialName[] = "AffiliationBasedMatching";
32
33 // Returns a StringPiece corresponding to |component| in |uri|, or the empty
34 // string in case there is no such component.
35 base::StringPiece ComponentString(const std::string& uri,
36 const url::Component& component) {
37 if (!component.is_valid())
38 return base::StringPiece();
39 return base::StringPiece(uri.c_str() + component.begin, component.len);
40 }
41
42 // Returns true if the passed ASCII |input| string contains nothing else than
43 // alphanumeric characters and those in |other_characters|.
44 bool ContainsOnlyAlphanumericAnd(const base::StringPiece& input,
45 const base::StringPiece& other_characters) {
46 for (char c : input) {
47 if (!base::IsAsciiAlpha(c) && !base::IsAsciiDigit(c) &&
48 other_characters.find(c) == base::StringPiece::npos)
49 return false;
50 }
51 return true;
52 }
53
54 // Canonicalizes a Web facet URI, and returns true if canonicalization was
55 // successful and produced a valid URI.
56 bool CanonicalizeWebFacetURI(const std::string& input_uri,
57 const url::Parsed& input_parsed,
58 std::string* canonical_uri) {
59 url::Parsed canonical_parsed;
60 url::StdStringCanonOutput canonical_output(canonical_uri);
61
62 bool canonicalization_succeeded = url::CanonicalizeStandardURL(
63 input_uri.c_str(), input_uri.size(), input_parsed, nullptr,
64 &canonical_output, &canonical_parsed);
65 canonical_output.Complete();
66
67 if (canonicalization_succeeded && canonical_parsed.host.is_nonempty() &&
68 !canonical_parsed.username.is_valid() &&
69 !canonical_parsed.password.is_valid() &&
70 ComponentString(*canonical_uri, canonical_parsed.path) == "/" &&
71 !canonical_parsed.query.is_valid() && !canonical_parsed.ref.is_valid()) {
72 // Get rid of the trailing slash added by url::CanonicalizeStandardURL().
73 DCHECK_EQ((size_t)canonical_parsed.path.begin, canonical_uri->size() - 1);
74 canonical_uri->erase(canonical_parsed.path.begin,
75 canonical_parsed.path.len);
76 return true;
77 }
78 return false;
79 }
80
81 // Adds padding until the length of the base64-encoded |data| becomes a multiple
82 // of 4, and returns true if the thusly obtained |data| is now correctly padded,
83 // i.e., there are at most 2 padding characters ('=') at the very end.
84 bool CanonicalizeBase64Padding(std::string* data) {
85 while (data->size() % 4u != 0u)
86 data->push_back('=');
87
88 size_t first_padding = data->find_first_of('=');
89 return first_padding == std::string::npos ||
90 (data->size() - first_padding <= 2u &&
91 data->find_first_not_of('=', first_padding) == std::string::npos);
92 }
93
94 // Canonicalizes the username component in an Android facet URI (containing the
95 // certificate hash), and returns true if canonicalization was successful and
96 // produced a valid non-empty component.
97 bool CanonicalizeHashComponent(const base::StringPiece& input_hash,
98 url::CanonOutput* canonical_output) {
99 // Characters other than alphanumeric that are used in the "URL and filename
100 // safe" base64 alphabet; plus the padding ('=').
101 const char kBase64NonAlphanumericChars[] = "-_=";
102
103 // We need net::UnescapeRule::URL_SPECIAL_CHARS to unescape the padding ('=').
104 std::string base64_encoded_hash = net::UnescapeURLComponent(
105 input_hash.as_string(), net::UnescapeRule::URL_SPECIAL_CHARS);
106
107 if (!base64_encoded_hash.empty() &&
108 CanonicalizeBase64Padding(&base64_encoded_hash) &&
109 ContainsOnlyAlphanumericAnd(base64_encoded_hash,
110 kBase64NonAlphanumericChars)) {
111 canonical_output->Append(base64_encoded_hash.data(),
112 base64_encoded_hash.size());
113 canonical_output->push_back('@');
114 return true;
115 }
116 return false;
117 }
118
119 // Canonicalizes the host component in an Android facet URI (containing the
120 // package name), and returns true if canonicalization was successful and
121 // produced a valid non-empty component.
122 bool CanonicalizePackageNameComponent(
123 const base::StringPiece& input_package_name,
124 url::CanonOutput* canonical_output) {
125 // Characters other than alphanumeric that are permitted in the package names.
126 const char kPackageNameNonAlphanumericChars[] = "._";
127
128 std::string package_name = net::UnescapeURLComponent(
129 input_package_name.as_string(), net::UnescapeRule::NORMAL);
130
131 // TODO(engedy): We might want to use a regex to check this more throughly.
132 if (!package_name.empty() &&
133 ContainsOnlyAlphanumericAnd(package_name,
134 kPackageNameNonAlphanumericChars)) {
135 canonical_output->Append(package_name.data(), package_name.size());
136 return true;
137 }
138 return false;
139 }
140
141 // Canonicalizes an Android facet URI, and returns true if canonicalization was
142 // successful and produced a valid URI.
143 bool CanonicalizeAndroidFacetURI(const std::string& input_uri,
144 const url::Parsed& input_parsed,
145 std::string* canonical_uri) {
146 url::StdStringCanonOutput canonical_output(canonical_uri);
147
148 url::Component unused;
149 bool success = url::CanonicalizeScheme(
150 input_uri.c_str(), input_parsed.scheme, &canonical_output, &unused);
151
152 canonical_output.push_back('/');
153 canonical_output.push_back('/');
154
155 // We cannot use url::CanonicalizeUserInfo as that would percent encode the
156 // base64 padding characters ('=').
157 success &= CanonicalizeHashComponent(
158 ComponentString(input_uri, input_parsed.username), &canonical_output);
159
160 // We cannot use url::CanonicalizeHost as that would convert the package name
161 // to lower case, but the package name is case sensitive.
162 success &= CanonicalizePackageNameComponent(
163 ComponentString(input_uri.data(), input_parsed.host), &canonical_output);
164
165 canonical_output.Complete();
166
167 return success && !input_parsed.password.is_nonempty() &&
168 (!input_parsed.path.is_nonempty() ||
169 ComponentString(input_uri, input_parsed.path) == "/") &&
170 !input_parsed.port.is_nonempty() && !input_parsed.query.is_valid() &&
171 !input_parsed.ref.is_valid();
172 }
173
174 // Computes the canonicalized form of |uri| into |canonical_uri|, and returns
175 // true if canonicalization was successful and produced a valid URI.
176 bool ParseAndCanonicalizeFacetURI(const std::string& input_uri,
177 std::string* canonical_uri) {
178 DCHECK(canonical_uri);
179 canonical_uri->clear();
180 canonical_uri->reserve(input_uri.size() + 32);
181
182 url::Parsed input_parsed;
183 url::ParseStandardURL(input_uri.c_str(), input_uri.size(), &input_parsed);
184
185 base::StringPiece scheme = ComponentString(input_uri, input_parsed.scheme);
186 if (base::LowerCaseEqualsASCII(scheme, url::kHttpsScheme)) {
187 return CanonicalizeWebFacetURI(input_uri, input_parsed, canonical_uri);
188 } else if (base::LowerCaseEqualsASCII(scheme, kAndroidAppScheme)) {
189 return CanonicalizeAndroidFacetURI(input_uri, input_parsed, canonical_uri);
190 }
191 return false;
192 }
193
194 } // namespace
195
196
197 // FacetURI -------------------------------------------------------------------
198
199 FacetURI::FacetURI() : is_valid_(false) {
200 }
201
202 // static
203 FacetURI FacetURI::FromPotentiallyInvalidSpec(const std::string& spec) {
204 std::string canonical_spec;
205 bool is_valid = ParseAndCanonicalizeFacetURI(spec, &canonical_spec);
206 return FacetURI(canonical_spec, is_valid);
207 }
208
209 // static
210 FacetURI FacetURI::FromCanonicalSpec(const std::string& canonical_spec) {
211 return FacetURI(canonical_spec, true);
212 }
213
214 bool FacetURI::operator==(const FacetURI& other) const {
215 DCHECK(is_empty() || is_valid());
216 DCHECK(other.is_empty() || other.is_valid());
217 return canonical_spec_ == other.canonical_spec_;
218 }
219
220 bool FacetURI::operator!=(const FacetURI& other) const {
221 DCHECK(is_empty() || is_valid());
222 DCHECK(other.is_empty() || other.is_valid());
223 return canonical_spec_ != other.canonical_spec_;
224 }
225
226 bool FacetURI::operator<(const FacetURI& other) const {
227 DCHECK(is_empty() || is_valid());
228 DCHECK(other.is_empty() || other.is_valid());
229 return canonical_spec_ < other.canonical_spec_;
230 }
231
232 bool FacetURI::operator>(const FacetURI& other) const {
233 DCHECK(is_empty() || is_valid());
234 DCHECK(other.is_empty() || other.is_valid());
235 return canonical_spec_ > other.canonical_spec_;
236 }
237
238 bool FacetURI::IsValidWebFacetURI() const {
239 return scheme() == url::kHttpsScheme;
240 }
241
242 bool FacetURI::IsValidAndroidFacetURI() const {
243 return scheme() == kAndroidAppScheme;
244 }
245
246 std::string FacetURI::scheme() const {
247 return is_valid()
248 ? ComponentString(canonical_spec_, parsed_.scheme).as_string()
249 : "";
250 }
251
252 std::string FacetURI::android_package_name() const {
253 if (!IsValidAndroidFacetURI())
254 return "";
255 return ComponentString(canonical_spec_, parsed_.host).as_string();
256 }
257
258 FacetURI::FacetURI(const std::string& canonical_spec, bool is_valid)
259 : is_valid_(is_valid), canonical_spec_(canonical_spec) {
260 // TODO(engedy): Refactor code in order to avoid to avoid parsing the URL
261 // twice.
262 url::ParseStandardURL(canonical_spec_.c_str(), canonical_spec_.size(),
263 &parsed_);
264 }
265
266
267 // AffiliatedFacetsWithUpdateTime ---------------------------------------------
268
269 AffiliatedFacetsWithUpdateTime::AffiliatedFacetsWithUpdateTime() {
270 }
271
272 AffiliatedFacetsWithUpdateTime::~AffiliatedFacetsWithUpdateTime() {
273 }
274
275
276 // Helpers --------------------------------------------------------------------
277
278 std::ostream& operator<<(std::ostream& os, const FacetURI& facet_uri) {
279 return os << facet_uri.potentially_invalid_spec();
280 }
281
282 bool AreEquivalenceClassesEqual(const AffiliatedFacets& a,
283 const AffiliatedFacets& b) {
284 if (a.size() != b.size())
285 return false;
286
287 std::vector<FacetURI> a_sorted(a.begin(), a.end());
288 std::vector<FacetURI> b_sorted(b.begin(), b.end());
289 std::sort(a_sorted.begin(), a_sorted.end());
290 std::sort(b_sorted.begin(), b_sorted.end());
291 return std::equal(a_sorted.begin(), a_sorted.end(), b_sorted.begin());
292 }
293
294 bool IsAffiliationBasedMatchingEnabled(const base::CommandLine& command_line) {
295 // Note: It is important to always query the field trial state, to ensure that
296 // UMA reports the correct group.
297 const std::string group_name =
298 base::FieldTrialList::FindFullName(kFieldTrialName);
299
300 if (command_line.HasSwitch(switches::kDisableAffiliationBasedMatching))
301 return false;
302 if (command_line.HasSwitch(switches::kEnableAffiliationBasedMatching))
303 return true;
304 return base::StartsWith(group_name, "Enabled",
305 base::CompareCase::INSENSITIVE_ASCII);
306 }
307
308 bool IsPropagatingPasswordChangesToWebCredentialsEnabled(
309 const base::CommandLine& command_line) {
310 // Note: It is important to always query the variation param first, which, in
311 // turn, queries the field trial state, which ensures that UMA reports the
312 // correct group if it is forced by a command line flag.
313 const std::string update_enabled = variations::GetVariationParamValue(
314 kFieldTrialName, "propagate_password_changes_to_web");
315
316 if (command_line.HasSwitch(switches::kDisableAffiliationBasedMatching))
317 return false;
318 if (command_line.HasSwitch(switches::kEnableAffiliationBasedMatching))
319 return true;
320 return base::LowerCaseEqualsASCII(update_enabled, "enabled");
321 }
322
323 bool IsAffiliationRequestsForDummyFacetsEnabled(
324 const base::CommandLine& command_line) {
325 const std::string synthesizing_enabled = variations::GetVariationParamValue(
326 kFieldTrialName, "affiliation_requests_for_dummy_facets");
327 if (command_line.HasSwitch(switches::kDisableAffiliationBasedMatching))
328 return false;
329 if (command_line.HasSwitch(switches::kEnableAffiliationBasedMatching))
330 return true;
331 return base::LowerCaseEqualsASCII(synthesizing_enabled, "enabled");
332 }
333
334 bool IsValidAndroidFacetURI(const std::string& url) {
335 FacetURI facet = FacetURI::FromPotentiallyInvalidSpec(url);
336 return facet.IsValidAndroidFacetURI();
337 }
338
339 std::string GetHumanReadableOrigin(const autofill::PasswordForm& password_form,
340 const std::string& languages) {
341 password_manager::FacetURI facet_uri =
342 password_manager::FacetURI::FromPotentiallyInvalidSpec(
343 password_form.signon_realm);
344 if (facet_uri.IsValidAndroidFacetURI())
345 return facet_uri.scheme() + "://" + facet_uri.android_package_name();
346 return base::UTF16ToUTF8(
347 url_formatter::FormatUrl(password_form.origin, languages));
348 }
349
350 } // namespace password_manager