/*
 * This file is part of LibEuFin.
 * Copyright (C) 2023 Stanisci and Dold.

 * LibEuFin is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation; either version 3, or
 * (at your option) any later version.

 * LibEuFin is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General
 * Public License for more details.

 * You should have received a copy of the GNU Affero General Public
 * License along with LibEuFin; see the file COPYING.  If not, see
 * <http://www.gnu.org/licenses/>
 */
package tech.libeufin.bank

import java.security.SecureRandom
import java.time.Instant
import java.time.Duration
import java.text.DecimalFormat
import kotlinx.serialization.json.Json
import io.ktor.http.*
import io.ktor.server.request.*
import io.ktor.server.response.*
import io.ktor.server.application.*
import tech.libeufin.bank.db.TanDAO.*
import tech.libeufin.bank.db.*
import tech.libeufin.bank.auth.*
import io.ktor.util.pipeline.PipelineContext


/**
 * Opens a TAN challenge for [op] and answers the current request with `202 Accepted`.
 *
 * [body] is serialized to JSON and handed to `db.tan.new` together with a code
 * obtained from [Tan.genCode], the current time, `TAN_RETRY_COUNTER` and
 * `TAN_VALIDITY_PERIOD`. The response carries only the returned challenge id,
 * wrapped in a [TanChallenge]; the generated code is not part of the response.
 *
 * @param db database handle used to persist the challenge
 * @param op operation the challenge is created for
 * @param body request payload stored alongside the challenge
 * @param channel optional TAN channel forwarded to `db.tan.new`
 * @param info optional value forwarded to `db.tan.new` together with [channel]
 */
inline suspend fun <reified B> ApplicationCall.respondChallenge(
    db: Database,
    op: Operation,
    body: B,
    channel: TanChannel? = null,
    info: String? = null
) {
    val serializedBody = Json.encodeToString(kotlinx.serialization.serializer<B>(), body)
    val tanCode = Tan.genCode()
    // NOTE(review): how db.tan.new persists the code (plaintext or hashed) and who
    // delivers it over the channel is not visible here — confirm in TanDAO.
    val challengeId = db.tan.new(
        login = username,
        op = op,
        body = serializedBody,
        code = tanCode,
        now = Instant.now(),
        retryCounter = TAN_RETRY_COUNTER,
        validityPeriod = TAN_VALIDITY_PERIOD,
        channel = channel,
        info = info
    )
    respond(HttpStatusCode.Accepted, TanChallenge(challengeId))
}

/**
 * Resolves the payload of a request that may be the replay of a challenged operation.
 *
 * With a numeric `X-Challenge-Id` header, the challenge is looked up by id, the
 * caller's `username` and [op], and the payload is decoded from the body stored
 * with that challenge; the body of the current request is not read on this path.
 * Without such a header the request body is received as-is and no challenge is
 * returned.
 *
 * @param db database handle used for the challenge lookup
 * @param op operation the challenge must have been created for
 * @return the payload and, when a challenge id was supplied, the matching challenge
 */
inline suspend fun <reified B> ApplicationCall.receiveChallenge(
    db: Database,
    op: Operation
): Pair<B, Challenge?> {
    // A header that does not parse as a Long is treated the same as a missing one.
    val challengeId = request.headers["X-Challenge-Id"]?.toLongOrNull()
    if (challengeId == null) {
        return Pair(receive<B>(), null)
    }
    // NOTE(review): `!!` turns a failed lookup (unknown id, other user, other op)
    // into a NullPointerException; a dedicated client error would be clearer.
    // NOTE(review): nothing here checks that the challenge was solved — presumably
    // the caller or the DAO does; confirm.
    val stored = db.tan.challenge(challengeId, username, op)!!
    return Pair(Json.decodeFromString<B>(stored.body), stored)
}

/**
 * Looks up the challenge referenced by the `X-Challenge-Id` request header.
 *
 * The lookup is keyed by the header value, the caller's `username` and [op].
 *
 * @param db database handle used for the challenge lookup
 * @param op operation the challenge must have been created for
 * @return the matching challenge, or `null` when the header is absent or not numeric
 */
suspend fun ApplicationCall.challenge(
    db: Database,
    op: Operation
): Challenge? {
    val challengeId = request.headers["X-Challenge-Id"]?.toLongOrNull()
        ?: return null
    // NOTE(review): `!!` raises a NullPointerException when the lookup finds nothing
    // for this (id, user, operation) triple; whether the returned challenge has been
    // solved is not checked here — confirm where that happens.
    return db.tan.challenge(challengeId, username, op)!!
}

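/** Generation of the numeric codes used for TAN challenges. */
object Tan {
    /** Number of decimal digits in a generated code. */
    private const val CODE_LENGTH = 8

    /** Exclusive upper bound of the random draw, i.e. 10^[CODE_LENGTH]. */
    private const val CODE_BOUND = 100_000_000

    private val SECURE_RNG = SecureRandom()

    /**
     * Returns a random code of exactly [CODE_LENGTH] ASCII digits, left-padded with zeros.
     *
     * The value is drawn from [SecureRandom] over `0 until CODE_BOUND`.
     * Padding is done with plain string operations rather than a shared
     * `java.text.DecimalFormat`: that class is not synchronized, and this singleton
     * can be reached from several request handlers at once. It also keeps the digits
     * independent of the JVM's default locale.
     */
    fun genCode(): String =
        SECURE_RNG.nextInt(CODE_BOUND).toString().padStart(CODE_LENGTH, '0')
}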