diff options
| author | Antoine A <> | 2023-12-18 16:07:27 +0000 |
|---|---|---|
| committer | Antoine A <> | 2023-12-18 16:07:27 +0000 |
| commit | 644f04f6aefdb047b4b9a90c7f5f35b8929ffd18 (patch) | |
| tree | 2bfe74c0989261fca762b717e293ace0779d5ac3 | |
| parent | e6d6a3e447bc2fa9f87f86cf8086b21a0e1a6d41 (diff) | |
| download | libeufin-644f04f6aefdb047b4b9a90c7f5f35b8929ffd18.tar.gz libeufin-644f04f6aefdb047b4b9a90c7f5f35b8929ffd18.tar.bz2 libeufin-644f04f6aefdb047b4b9a90c7f5f35b8929ffd18.zip | |
Improve TAN challenge code format
| -rw-r--r-- | bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt | 2 | ||||
| -rw-r--r-- | bank/src/main/kotlin/tech/libeufin/bank/Tan.kt | 35 |
2 files changed, 36 insertions, 1 deletions
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt b/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt index 33c98780..9966edf5 100644 --- a/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt +++ b/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt @@ -537,7 +537,7 @@ private fun Routing.coreBankCashoutApi(db: Database, ctx: BankConfig) = conditio amountCredit = req.amount_credit, subject = req.subject ?: "", // TODO default subject tanChannel = tanChannel, - tanCode = UUID.randomUUID().toString(), + tanCode = Tan.genCode(), now = Instant.now(), retryCounter = TAN_RETRY_COUNTER, validityPeriod = TAN_VALIDITY_PERIOD diff --git a/bank/src/main/kotlin/tech/libeufin/bank/Tan.kt b/bank/src/main/kotlin/tech/libeufin/bank/Tan.kt new file mode 100644 index 00000000..8359e5e8 --- /dev/null +++ b/bank/src/main/kotlin/tech/libeufin/bank/Tan.kt @@ -0,0 +1,35 @@ +/* + * This file is part of LibEuFin. + * Copyright (C) 2023 Stanisci and Dold. + + * LibEuFin is free software; you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation; either version 3, or + * (at your option) any later version. + + * LibEuFin is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General + * Public License for more details. + + * You should have received a copy of the GNU Affero General Public + * License along with LibEuFin; see the file COPYING. If not, see + * <http://www.gnu.org/licenses/> + */ +package tech.libeufin.bank + +import java.security.SecureRandom +import java.util.UUID +import java.text.DecimalFormat + +object Tan { + private val CODE_FORMAT = DecimalFormat("00000000"); + private val SECURE_RNG = SecureRandom() + + fun genCode(): String { + val rand = SECURE_RNG.nextInt(100000000) + val code = CODE_FORMAT.format(rand) + return code + } +} + |