1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "components/autofill/core/browser/password_generator.h"
10 #include "base/basictypes.h"
11 #include "base/rand_util.h"
12 #include "base/strings/string_util.h"
13 #include "third_party/fips181/fips181.h"
15 const int kMinUpper
= 65; // First upper case letter 'A'
16 const int kMaxUpper
= 90; // Last upper case letter 'Z'
17 const int kMinLower
= 97; // First lower case letter 'a'
18 const int kMaxLower
= 122; // Last lower case letter 'z'
19 const int kMinDigit
= 48; // First digit '0'
20 const int kMaxDigit
= 57; // Last digit '9'
21 const int kMinPasswordLength
= 4;
22 const int kMaxPasswordLength
= 15;
26 // A helper function to get the length of the generated password from
27 // |max_length| retrieved from input password field.
28 int GetLengthFromHint(int max_length
, int default_length
) {
29 if (max_length
>= kMinPasswordLength
&& max_length
<= kMaxPasswordLength
)
32 return default_length
;
35 // We want the password to have uppercase, lowercase, and at least one number.
36 bool VerifyPassword(const std::string
& password
) {
37 int num_lower_case
= 0;
38 int num_upper_case
= 0;
41 for (size_t i
= 0; i
< password
.size(); ++i
) {
42 if (password
[i
] >= kMinUpper
&& password
[i
] <= kMaxUpper
)
44 if (password
[i
] >= kMinLower
&& password
[i
] <= kMaxLower
)
46 if (password
[i
] >= kMinDigit
&& password
[i
] <= kMaxDigit
)
50 return num_lower_case
&& num_upper_case
&& num_digits
;
53 // Make sure that there is at least one upper case and one number in the
54 // password. Assume that there already exists a lower case letter as it's the
55 // default from gen_pron_pass.
56 void ForceFixPassword(std::string
* password
) {
57 for (std::string::iterator iter
= password
->begin();
58 iter
!= password
->end(); ++iter
) {
60 *iter
= base::ToUpperASCII(*iter
);
64 for (std::string::reverse_iterator iter
= password
->rbegin();
65 iter
!= password
->rend(); ++iter
) {
67 *iter
= base::RandInt(kMinDigit
, kMaxDigit
);
77 const int PasswordGenerator::kDefaultPasswordLength
= 12;
79 PasswordGenerator::PasswordGenerator(int max_length
)
80 : password_length_(GetLengthFromHint(max_length
, kDefaultPasswordLength
)) {}
81 PasswordGenerator::~PasswordGenerator() {}
83 std::string
PasswordGenerator::Generate() const {
85 char unused_hypenated_password
[255];
86 // Generate passwords that have numbers and upper and lower case letters.
87 // No special characters included for now.
88 unsigned int mode
= S_NB
| S_CL
| S_SL
;
90 // gen_pron_pass() doesn't guarantee that it includes all of the type given
91 // in mode, so regenerate a few times if neccessary.
92 // TODO(gcasto): Is it worth regenerating at all?
93 for (int i
= 0; i
< 10; ++i
) {
94 gen_pron_pass(password
, unused_hypenated_password
,
95 password_length_
, password_length_
, mode
);
96 if (VerifyPassword(password
))
100 // If the password still isn't conforming after a few iterations, force it
101 // to be so. This may change a syllable in the password.
102 std::string
str_password(password
);
103 if (!VerifyPassword(str_password
)) {
104 ForceFixPassword(&str_password
);
109 } // namespace autofill