1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "components/autofill/core/browser/validation.h"
7 #include "base/strings/string_number_conversions.h"
8 #include "base/strings/string_piece.h"
9 #include "base/strings/string_util.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "base/time/time.h"
12 #include "components/autofill/core/browser/autofill_regexes.h"
13 #include "components/autofill/core/browser/credit_card.h"
14 #include "components/autofill/core/browser/state_names.h"
19 bool IsValidCreditCardExpirationDate(const base::string16& year,
20 const base::string16& month,
21 const base::Time& now) {
22 base::string16 year_cleaned, month_cleaned;
23 base::TrimWhitespace(year, base::TRIM_ALL, &year_cleaned);
24 base::TrimWhitespace(month, base::TRIM_ALL, &month_cleaned);
25 if (year_cleaned.length() != 4)
29 if (!base::StringToInt(year_cleaned, &cc_year))
33 if (!base::StringToInt(month_cleaned, &cc_month))
36 return IsValidCreditCardExpirationDate(cc_year, cc_month, now);
39 bool IsValidCreditCardExpirationDate(int year,
41 const base::Time& now) {
42 base::Time::Exploded now_exploded;
43 now.LocalExplode(&now_exploded);
45 if (year < now_exploded.year)
48 if (year == now_exploded.year && month < now_exploded.month)
54 bool IsValidCreditCardNumber(const base::string16& text) {
55 base::string16 number = CreditCard::StripSeparators(text);
57 // Credit card numbers are at most 19 digits in length [1]. 12 digits seems to
58 // be a fairly safe lower-bound [2]. Specific card issuers have more rigidly
60 // [1] http://www.merriampark.com/anatomycc.htm
61 // [2] http://en.wikipedia.org/wiki/Bank_card_number
62 const char* const type = CreditCard::GetCreditCardType(text);
63 if (type == kAmericanExpressCard && number.size() != 15)
65 if (type == kDinersCard && number.size() != 14)
67 if (type == kDiscoverCard && number.size() != 16)
69 if (type == kJCBCard && number.size() != 16)
71 if (type == kMasterCard && number.size() != 16)
73 if (type == kUnionPay && (number.size() < 16 || number.size() > 19))
75 if (type == kVisaCard && number.size() != 13 && number.size() != 16)
77 if (type == kGenericCard && (number.size() < 12 || number.size() > 19))
80 // Unlike all the other supported types, UnionPay cards lack Luhn checksum
82 if (type == kUnionPay)
85 // Use the Luhn formula [3] to validate the number.
86 // [3] http://en.wikipedia.org/wiki/Luhn_algorithm
89 for (base::string16::reverse_iterator iter = number.rbegin();
90 iter != number.rend();
92 if (!IsAsciiDigit(*iter))
95 int digit = *iter - '0';
98 sum += digit / 10 + digit % 10;
105 return (sum % 10) == 0;
108 bool IsValidCreditCardSecurityCode(const base::string16& text) {
109 if (text.size() < 3U || text.size() > 4U)
112 for (base::string16::const_iterator iter = text.begin();
115 if (!IsAsciiDigit(*iter))
121 bool IsValidCreditCardSecurityCode(const base::string16& code,
122 const base::string16& number) {
123 const char* const type = CreditCard::GetCreditCardType(number);
124 size_t required_length = 3;
125 if (type == kAmericanExpressCard)
128 return code.length() == required_length;
131 bool IsValidEmailAddress(const base::string16& text) {
132 // E-Mail pattern as defined by the WhatWG. (4.10.7.1.5 E-Mail state)
133 const base::string16 kEmailPattern = base::ASCIIToUTF16(
134 "^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@"
135 "[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$");
136 return MatchesPattern(text, kEmailPattern);
139 bool IsValidState(const base::string16& text) {
140 return !state_names::GetAbbreviationForName(text).empty() ||
141 !state_names::GetNameForAbbreviation(text).empty();
144 bool IsValidZip(const base::string16& text) {
145 const base::string16 kZipPattern = base::ASCIIToUTF16("^\\d{5}(-\\d{4})?$");
146 return MatchesPattern(text, kZipPattern);
149 bool IsSSN(const base::string16& text) {
150 base::string16 number_string;
151 base::RemoveChars(text, base::ASCIIToUTF16("- "), &number_string);
153 // A SSN is of the form AAA-GG-SSSS (A = area number, G = group number, S =
154 // serial number). The validation we do here is simply checking if the area,
155 // group, and serial numbers are valid.
157 // Historically, the area number was assigned per state, with the group number
158 // ascending in an alternating even/odd sequence. With that scheme it was
159 // possible to check for validity by referencing a table that had the highest
160 // group number assigned for a given area number. (This was something that
161 // Chromium never did though, because the "high group" values were constantly
164 // However, starting on 25 June 2011 the SSA began issuing SSNs randomly from
165 // all areas and groups. Group numbers and serial numbers of zero remain
166 // invalid, and areas 000, 666, and 900-999 remain invalid.
168 // References for current practices:
169 // http://www.socialsecurity.gov/employer/randomization.html
170 // http://www.socialsecurity.gov/employer/randomizationfaqs.html
172 // References for historic practices:
173 // http://www.socialsecurity.gov/history/ssn/geocard.html
174 // http://www.socialsecurity.gov/employer/stateweb.htm
175 // http://www.socialsecurity.gov/employer/ssnvhighgroup.htm
177 if (number_string.length() != 9 || !base::IsStringASCII(number_string))
181 if (!base::StringToInt(base::StringPiece16(number_string.begin(),
182 number_string.begin() + 3),
193 if (!base::StringToInt(base::StringPiece16(number_string.begin() + 3,
194 number_string.begin() + 5),
201 if (!base::StringToInt(base::StringPiece16(number_string.begin() + 5,
202 number_string.begin() + 9),
211 } // namespace autofill