1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "components/autofill/core/browser/password_generator.h" 6 7 #include <algorithm> 8 #include <vector> 9 10 #include "base/basictypes.h" 11 #include "base/rand_util.h" 12 #include "base/strings/string_util.h" 13 #include "third_party/fips181/fips181.h" 14 15 const int kMinUpper = 65; // First upper case letter 'A' 16 const int kMaxUpper = 90; // Last upper case letter 'Z' 17 const int kMinLower = 97; // First lower case letter 'a' 18 const int kMaxLower = 122; // Last lower case letter 'z' 19 const int kMinDigit = 48; // First digit '0' 20 const int kMaxDigit = 57; // Last digit '9' 21 const int kMinPasswordLength = 4; 22 const int kMaxPasswordLength = 15; 23 24 namespace { 25 26 // A helper function to get the length of the generated password from 27 // |max_length| retrieved from input password field. 28 int GetLengthFromHint(int max_length, int default_length) { 29 if (max_length >= kMinPasswordLength && max_length <= kMaxPasswordLength) 30 return max_length; 31 else 32 return default_length; 33 } 34 35 // We want the password to have uppercase, lowercase, and at least one number. 36 bool VerifyPassword(const std::string& password) { 37 int num_lower_case = 0; 38 int num_upper_case = 0; 39 int num_digits = 0; 40 41 for (size_t i = 0; i < password.size(); ++i) { 42 if (password[i] >= kMinUpper && password[i] <= kMaxUpper) 43 ++num_upper_case; 44 if (password[i] >= kMinLower && password[i] <= kMaxLower) 45 ++num_lower_case; 46 if (password[i] >= kMinDigit && password[i] <= kMaxDigit) 47 ++num_digits; 48 } 49 50 return num_lower_case && num_upper_case && num_digits; 51 } 52 53 // Make sure that there is at least one upper case and one number in the 54 // password. Assume that there already exists a lower case letter as it's the 55 // default from gen_pron_pass. 56 void ForceFixPassword(std::string* password) { 57 for (std::string::iterator iter = password->begin(); 58 iter != password->end(); ++iter) { 59 if (islower(*iter)) { 60 *iter = base::ToUpperASCII(*iter); 61 break; 62 } 63 } 64 for (std::string::reverse_iterator iter = password->rbegin(); 65 iter != password->rend(); ++iter) { 66 if (islower(*iter)) { 67 *iter = base::RandInt(kMinDigit, kMaxDigit); 68 break; 69 } 70 } 71 } 72 73 } // namespace 74 75 namespace autofill { 76 77 const int PasswordGenerator::kDefaultPasswordLength = 12; 78 79 PasswordGenerator::PasswordGenerator(int max_length) 80 : password_length_(GetLengthFromHint(max_length, kDefaultPasswordLength)) {} 81 PasswordGenerator::~PasswordGenerator() {} 82 83 std::string PasswordGenerator::Generate() const { 84 char password[255]; 85 char unused_hypenated_password[255]; 86 // Generate passwords that have numbers and upper and lower case letters. 87 // No special characters included for now. 88 unsigned int mode = S_NB | S_CL | S_SL; 89 90 // gen_pron_pass() doesn't guarantee that it includes all of the type given 91 // in mode, so regenerate a few times if neccessary. 92 // TODO(gcasto): Is it worth regenerating at all? 93 for (int i = 0; i < 10; ++i) { 94 gen_pron_pass(password, unused_hypenated_password, 95 password_length_, password_length_, mode); 96 if (VerifyPassword(password)) 97 break; 98 } 99 100 // If the password still isn't conforming after a few iterations, force it 101 // to be so. This may change a syllable in the password. 102 std::string str_password(password); 103 if (!VerifyPassword(str_password)) { 104 ForceFixPassword(&str_password); 105 } 106 return str_password; 107 } 108 109 } // namespace autofill 110
