1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "components/autofill/core/browser/validation.h"
6
7#include "base/strings/string_number_conversions.h"
8#include "base/strings/string_piece.h"
9#include "base/strings/string_util.h"
10#include "base/strings/utf_string_conversions.h"
11#include "base/time/time.h"
12#include "components/autofill/core/browser/autofill_regexes.h"
13#include "components/autofill/core/browser/credit_card.h"
14#include "components/autofill/core/browser/state_names.h"
15
16
17namespace autofill {
18
19bool IsValidCreditCardExpirationDate(const base::string16& year,
20                                     const base::string16& month,
21                                     const base::Time& now) {
22  base::string16 year_cleaned, month_cleaned;
23  base::TrimWhitespace(year, base::TRIM_ALL, &year_cleaned);
24  base::TrimWhitespace(month, base::TRIM_ALL, &month_cleaned);
25  if (year_cleaned.length() != 4)
26    return false;
27
28  int cc_year;
29  if (!base::StringToInt(year_cleaned, &cc_year))
30    return false;
31
32  int cc_month;
33  if (!base::StringToInt(month_cleaned, &cc_month))
34    return false;
35
36  return IsValidCreditCardExpirationDate(cc_year, cc_month, now);
37}
38
39bool IsValidCreditCardExpirationDate(int year,
40                                     int month,
41                                     const base::Time& now) {
42  base::Time::Exploded now_exploded;
43  now.LocalExplode(&now_exploded);
44
45  if (year < now_exploded.year)
46    return false;
47
48  if (year == now_exploded.year && month < now_exploded.month)
49    return false;
50
51  return true;
52}
53
54bool IsValidCreditCardNumber(const base::string16& text) {
55  base::string16 number = CreditCard::StripSeparators(text);
56
57  // Credit card numbers are at most 19 digits in length [1]. 12 digits seems to
58  // be a fairly safe lower-bound [2].  Specific card issuers have more rigidly
59  // defined sizes.
60  // [1] http://www.merriampark.com/anatomycc.htm
61  // [2] http://en.wikipedia.org/wiki/Bank_card_number
62  const char* const type = CreditCard::GetCreditCardType(text);
63  if (type == kAmericanExpressCard && number.size() != 15)
64    return false;
65  if (type == kDinersCard && number.size() != 14)
66    return false;
67  if (type == kDiscoverCard && number.size() != 16)
68    return false;
69  if (type == kJCBCard && number.size() != 16)
70    return false;
71  if (type == kMasterCard && number.size() != 16)
72    return false;
73  if (type == kUnionPay && (number.size() < 16 || number.size() > 19))
74    return false;
75  if (type == kVisaCard && number.size() != 13 && number.size() != 16)
76    return false;
77  if (type == kGenericCard && (number.size() < 12 || number.size() > 19))
78    return false;
79
80  // Unlike all the other supported types, UnionPay cards lack Luhn checksum
81  // validation.
82  if (type == kUnionPay)
83    return true;
84
85  // Use the Luhn formula [3] to validate the number.
86  // [3] http://en.wikipedia.org/wiki/Luhn_algorithm
87  int sum = 0;
88  bool odd = false;
89  for (base::string16::reverse_iterator iter = number.rbegin();
90       iter != number.rend();
91       ++iter) {
92    if (!IsAsciiDigit(*iter))
93      return false;
94
95    int digit = *iter - '0';
96    if (odd) {
97      digit *= 2;
98      sum += digit / 10 + digit % 10;
99    } else {
100      sum += digit;
101    }
102    odd = !odd;
103  }
104
105  return (sum % 10) == 0;
106}
107
108bool IsValidCreditCardSecurityCode(const base::string16& text) {
109  if (text.size() < 3U || text.size() > 4U)
110    return false;
111
112  for (base::string16::const_iterator iter = text.begin();
113       iter != text.end();
114       ++iter) {
115    if (!IsAsciiDigit(*iter))
116      return false;
117  }
118  return true;
119}
120
121bool IsValidCreditCardSecurityCode(const base::string16& code,
122                                   const base::string16& number) {
123  const char* const type = CreditCard::GetCreditCardType(number);
124  size_t required_length = 3;
125  if (type == kAmericanExpressCard)
126    required_length = 4;
127
128  return code.length() == required_length;
129}
130
131bool IsValidEmailAddress(const base::string16& text) {
132  // E-Mail pattern as defined by the WhatWG. (4.10.7.1.5 E-Mail state)
133  const base::string16 kEmailPattern = base::ASCIIToUTF16(
134      "^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@"
135      "[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$");
136  return MatchesPattern(text, kEmailPattern);
137}
138
139bool IsValidState(const base::string16& text) {
140  return !state_names::GetAbbreviationForName(text).empty() ||
141         !state_names::GetNameForAbbreviation(text).empty();
142}
143
144bool IsValidZip(const base::string16& text) {
145  const base::string16 kZipPattern = base::ASCIIToUTF16("^\\d{5}(-\\d{4})?$");
146  return MatchesPattern(text, kZipPattern);
147}
148
149bool IsSSN(const base::string16& text) {
150  base::string16 number_string;
151  base::RemoveChars(text, base::ASCIIToUTF16("- "), &number_string);
152
153  // A SSN is of the form AAA-GG-SSSS (A = area number, G = group number, S =
154  // serial number). The validation we do here is simply checking if the area,
155  // group, and serial numbers are valid.
156  //
157  // Historically, the area number was assigned per state, with the group number
158  // ascending in an alternating even/odd sequence. With that scheme it was
159  // possible to check for validity by referencing a table that had the highest
160  // group number assigned for a given area number. (This was something that
161  // Chromium never did though, because the "high group" values were constantly
162  // changing.)
163  //
164  // However, starting on 25 June 2011 the SSA began issuing SSNs randomly from
165  // all areas and groups. Group numbers and serial numbers of zero remain
166  // invalid, and areas 000, 666, and 900-999 remain invalid.
167  //
168  // References for current practices:
169  //   http://www.socialsecurity.gov/employer/randomization.html
170  //   http://www.socialsecurity.gov/employer/randomizationfaqs.html
171  //
172  // References for historic practices:
173  //   http://www.socialsecurity.gov/history/ssn/geocard.html
174  //   http://www.socialsecurity.gov/employer/stateweb.htm
175  //   http://www.socialsecurity.gov/employer/ssnvhighgroup.htm
176
177  if (number_string.length() != 9 || !base::IsStringASCII(number_string))
178    return false;
179
180  int area;
181  if (!base::StringToInt(base::StringPiece16(number_string.begin(),
182                                             number_string.begin() + 3),
183                         &area)) {
184    return false;
185  }
186  if (area < 1 ||
187      area == 666 ||
188      area >= 900) {
189    return false;
190  }
191
192  int group;
193  if (!base::StringToInt(base::StringPiece16(number_string.begin() + 3,
194                                             number_string.begin() + 5),
195                         &group)
196      || group == 0) {
197    return false;
198  }
199
200  int serial;
201  if (!base::StringToInt(base::StringPiece16(number_string.begin() + 5,
202                                             number_string.begin() + 9),
203                         &serial)
204      || serial == 0) {
205    return false;
206  }
207
208  return true;
209}
210
211}  // namespace autofill
212