1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "components/autofill/core/browser/password_generator.h"
6
7#include <algorithm>
8#include <vector>
9
10#include "base/basictypes.h"
11#include "base/rand_util.h"
12#include "base/strings/string_util.h"
13#include "third_party/fips181/fips181.h"
14
15const int kMinUpper = 65;  // First upper case letter 'A'
16const int kMaxUpper = 90;  // Last upper case letter 'Z'
17const int kMinLower = 97;  // First lower case letter 'a'
18const int kMaxLower = 122; // Last lower case letter 'z'
19const int kMinDigit = 48;  // First digit '0'
20const int kMaxDigit = 57;  // Last digit '9'
21const int kMinPasswordLength = 4;
22const int kMaxPasswordLength = 15;
23
24namespace {
25
26// A helper function to get the length of the generated password from
27// |max_length| retrieved from input password field.
28int GetLengthFromHint(int max_length, int default_length) {
29  if (max_length >= kMinPasswordLength && max_length <= kMaxPasswordLength)
30    return max_length;
31  else
32    return default_length;
33}
34
35// We want the password to have uppercase, lowercase, and at least one number.
36bool VerifyPassword(const std::string& password) {
37  int num_lower_case = 0;
38  int num_upper_case = 0;
39  int num_digits = 0;
40
41  for (size_t i = 0; i < password.size(); ++i) {
42    if (password[i] >= kMinUpper && password[i] <= kMaxUpper)
43      ++num_upper_case;
44    if (password[i] >= kMinLower && password[i] <= kMaxLower)
45      ++num_lower_case;
46    if (password[i] >= kMinDigit && password[i] <= kMaxDigit)
47      ++num_digits;
48  }
49
50  return num_lower_case && num_upper_case && num_digits;
51}
52
53// Make sure that there is at least one upper case and one number in the
54// password. Assume that there already exists a lower case letter as it's the
55// default from gen_pron_pass.
56void ForceFixPassword(std::string* password) {
57  for (std::string::iterator iter = password->begin();
58       iter != password->end(); ++iter) {
59    if (islower(*iter)) {
60      *iter = base::ToUpperASCII(*iter);
61      break;
62    }
63  }
64  for (std::string::reverse_iterator iter = password->rbegin();
65       iter != password->rend(); ++iter) {
66    if (islower(*iter)) {
67      *iter = base::RandInt(kMinDigit, kMaxDigit);
68      break;
69    }
70  }
71}
72
73}  // namespace
74
75namespace autofill {
76
77const int PasswordGenerator::kDefaultPasswordLength = 12;
78
79PasswordGenerator::PasswordGenerator(int max_length)
80    : password_length_(GetLengthFromHint(max_length, kDefaultPasswordLength)) {}
81PasswordGenerator::~PasswordGenerator() {}
82
83std::string PasswordGenerator::Generate() const {
84  char password[255];
85  char unused_hypenated_password[255];
86  // Generate passwords that have numbers and upper and lower case letters.
87  // No special characters included for now.
88  unsigned int mode = S_NB | S_CL | S_SL;
89
90  // gen_pron_pass() doesn't guarantee that it includes all of the type given
91  // in mode, so regenerate a few times if neccessary.
92  // TODO(gcasto): Is it worth regenerating at all?
93  for (int i = 0; i < 10; ++i) {
94    gen_pron_pass(password, unused_hypenated_password,
95                  password_length_, password_length_, mode);
96    if (VerifyPassword(password))
97      break;
98  }
99
100  // If the password still isn't conforming after a few iterations, force it
101  // to be so. This may change a syllable in the password.
102  std::string str_password(password);
103  if (!VerifyPassword(str_password)) {
104    ForceFixPassword(&str_password);
105  }
106  return str_password;
107}
108
109}  // namespace autofill
110