Class Sep10Challenge

java.lang.Object
org.stellar.sdk.Sep10Challenge

public class Sep10Challenge extends Object
Stellar Web Authentication Utilities.
  • Method Details

    • newChallenge

      public static Transaction newChallenge(KeyPair signer, Network network, String clientAccountId, String domainName, String webAuthDomain, TimeBounds timebounds)
      Returns a valid SEP 10 challenge, for use in web authentication.
      Parameters:
      signer - The server's signing account.
      network - The Stellar network used by the server.
      clientAccountId - The Stellar account belonging to the client.
      domainName - The fully qualified domain name of the service requiring authentication.
      webAuthDomain - The fully qualified domain name of the service issuing the challenge.
      timebounds - The lifetime of the challenge token.
    • newChallenge

      public static Transaction newChallenge(KeyPair signer, Network network, String clientAccountId, String domainName, String webAuthDomain, TimeBounds timebounds, String clientDomain, String clientSigningKey, Memo memo)
      Returns a valid SEP 10 challenge, for use in web authentication.
      Parameters:
      signer - The server's signing account.
      network - The Stellar network used by the server.
      clientAccountId - The Stellar account belonging to the client.
      domainName - The fully qualified domain name of the service requiring authentication.
      webAuthDomain - The fully qualified domain name of the service issuing the challenge.
      timebounds - The lifetime of the challenge token.
      clientDomain - The domain of the client application requesting authentication.
      clientSigningKey - The Stellar account listed as the SIGNING_KEY on the client domain's TOML file.
      memo - The memo of the challenge transaction.
    • newChallenge

      public static Transaction newChallenge(KeyPair signer, Network network, String clientAccountId, String domainName, String webAuthDomain, TimeBounds timebounds, String clientDomain, String clientSigningKey)
      Returns a valid SEP 10 challenge, for use in web authentication.
      Parameters:
      signer - The server's signing account.
      network - The Stellar network used by the server.
      clientAccountId - The Stellar account belonging to the client.
      domainName - The fully qualified domain name of the service requiring authentication.
      webAuthDomain - The fully qualified domain name of the service issuing the challenge.
      timebounds - The lifetime of the challenge token.
      clientDomain - The domain of the client application requesting authentication.
      clientSigningKey - The Stellar account listed as the SIGNING_KEY on the client domain's TOML file.
    • readChallengeTransaction

      public static Sep10Challenge.ChallengeTransaction readChallengeTransaction(String challengeXdr, String serverAccountId, Network network, String[] domainNames, String webAuthDomain)
      Reads a SEP 10 challenge transaction and returns the decoded transaction envelope and client account ID contained within.

      It also verifies that the transaction is signed by the server.

      It does not verify that the transaction has been signed by the client or that any signatures other than the server's on the transaction are valid. Use one of the following functions to completely verify the transaction: verifyChallengeTransactionSigners(String, String, Network, String, String, Set), verifyChallengeTransactionThreshold(String, String, Network, String, String, int, Set), verifyChallengeTransactionSigners(String, String, Network, String[], String, Set) or verifyChallengeTransactionThreshold(String, String, Network, String[], String, int, Set).

      Parameters:
      challengeXdr - SEP-0010 challenge transaction in base64.
      serverAccountId - Account ID for server's account.
      network - The network to connect to for verifying and retrieving.
      domainNames - An array of home domains, one of which is expected to be included in the first Manage Data operation's string key.
      webAuthDomain - The home domain that is expected to be included as the value of the Manage Data operation with the 'web_auth_domain' key. If no such operation is included, this parameter is not used.
      Returns:
      Sep10Challenge.ChallengeTransaction, the decoded transaction envelope and client account ID contained within.
      Throws:
      InvalidSep10ChallengeException - If the SEP-0010 validation fails.
      IllegalArgumentException - If reading the XDR string fails.
    • readChallengeTransaction

      public static Sep10Challenge.ChallengeTransaction readChallengeTransaction(String challengeXdr, String serverAccountId, Network network, String domainName, String webAuthDomain)
      Reads a SEP 10 challenge transaction and returns the decoded transaction envelope and client account ID contained within.

      It also verifies that the transaction is signed by the server.

      It does not verify that the transaction has been signed by the client or that any signatures other than the server's on the transaction are valid. Use one of the following functions to completely verify the transaction: verifyChallengeTransactionSigners(String, String, Network, String, String, Set), verifyChallengeTransactionThreshold(String, String, Network, String, String, int, Set), verifyChallengeTransactionSigners(String, String, Network, String[], String, Set) or verifyChallengeTransactionThreshold(String, String, Network, String[], String, int, Set).

      Parameters:
      challengeXdr - SEP-0010 challenge transaction in base64.
      serverAccountId - Account ID for server's account.
      network - The network to connect to for verifying and retrieving.
      domainName - The home domain that is expected to be included in the first Manage Data operation's string key.
      webAuthDomain - The home domain that is expected to be included as the value of the Manage Data operation with the 'web_auth_domain' key, if present.
      Returns:
      Sep10Challenge.ChallengeTransaction, the decoded transaction envelope and client account ID contained within.
      Throws:
      InvalidSep10ChallengeException - If the SEP-0010 validation fails.
      IllegalArgumentException - If reading the XDR string fails.
    • verifyChallengeTransactionSigners

      public static Set<String> verifyChallengeTransactionSigners(String challengeXdr, String serverAccountId, Network network, String domainName, String webAuthDomain, Set<String> signers)
      Verifies that for a SEP 10 challenge transaction all signatures on the transaction are accounted for. A transaction is verified if it is signed by the server account, and all other signatures match a signer that has been provided as an argument. Additional signers can be provided that do not have a signature, but all signatures must be matched to a signer for verification to succeed. If verification succeeds, the set of signers that were found is returned, excluding the server account ID.
      Parameters:
      challengeXdr - SEP-0010 challenge transaction in base64.
      serverAccountId - Account ID for server's account.
      network - The network to connect to for verifying and retrieving.
      domainName - The home domain that is expected to be included in the first Manage Data operation's string key.
      webAuthDomain - The home domain that is expected to be included as the value of the Manage Data operation with the 'web_auth_domain' key, if present.
      signers - The signers of the client account.
      Returns:
      The set of signers that were found, excluding the server account ID.
      Throws:
      InvalidSep10ChallengeException - If the SEP-0010 validation fails.
      IllegalArgumentException - If reading the XDR string fails.
    • verifyChallengeTransactionSigners

      public static Set<String> verifyChallengeTransactionSigners(String challengeXdr, String serverAccountId, Network network, String[] domainNames, String webAuthDomain, Set<String> signers)
      Verifies that for a SEP 10 challenge transaction all signatures on the transaction are accounted for. A transaction is verified if it is signed by the server account, and all other signatures match a signer that has been provided as an argument. Additional signers can be provided that do not have a signature, but all signatures must be matched to a signer for verification to succeed. If verification succeeds, the set of signers that were found is returned, excluding the server account ID.
      Parameters:
      challengeXdr - SEP-0010 challenge transaction in base64.
      serverAccountId - Account ID for server's account.
      network - The network to connect to for verifying and retrieving.
      domainNames - An array of home domains, one of which is expected to be included in the first Manage Data operation's string key.
      webAuthDomain - The home domain that is expected to be included as the value of the Manage Data operation with the 'web_auth_domain' key, if present.
      signers - The signers of the client account.
      Returns:
      The set of signers that were found, excluding the server account ID.
      Throws:
      InvalidSep10ChallengeException - If the SEP-0010 validation fails.
      IllegalArgumentException - If reading the XDR string fails.
    • verifyChallengeTransactionThreshold

      public static Set<String> verifyChallengeTransactionThreshold(String challengeXdr, String serverAccountId, Network network, String[] domainNames, String webAuthDomain, int threshold, Set<Sep10Challenge.Signer> signers)
      Verifies that for a SEP-0010 challenge transaction all signatures on the transaction are accounted for and that the signatures meet a threshold on an account. A transaction is verified if it is signed by the server account, and all other signatures match a signer that has been provided as an argument, and those signatures meet a threshold on the account.
      Parameters:
      challengeXdr - SEP-0010 challenge transaction in base64.
      serverAccountId - Account ID for server's account.
      network - The network to connect to for verifying and retrieving.
      domainNames - An array of home domains, one of which is expected to be included in the first Manage Data operation's string key.
      webAuthDomain - The home domain that is expected to be included as the value of the Manage Data operation with the 'web_auth_domain' key, if present.
      threshold - The threshold on the client account.
      signers - The signers of the client account.
      Returns:
      The set of signers that were found, excluding the server account ID.
      Throws:
      InvalidSep10ChallengeException - If the SEP-0010 validation fails.
      IllegalArgumentException - If reading the XDR string fails.
    • verifyChallengeTransactionThreshold

      public static Set<String> verifyChallengeTransactionThreshold(String challengeXdr, String serverAccountId, Network network, String domainName, String webAuthDomain, int threshold, Set<Sep10Challenge.Signer> signers)
      Verifies that for a SEP-0010 challenge transaction all signatures on the transaction are accounted for and that the signatures meet a threshold on an account. A transaction is verified if it is signed by the server account, and all other signatures match a signer that has been provided as an argument, and those signatures meet a threshold on the account.
      Parameters:
      challengeXdr - SEP-0010 challenge transaction in base64.
      serverAccountId - Account ID for server's account.
      network - The network to connect to for verifying and retrieving.
      domainName - The home domain that is expected to be included in the first Manage Data operation's string key.
      webAuthDomain - The home domain that is expected to be included as the value of the Manage Data operation with the 'web_auth_domain' key, if present.
      threshold - The threshold on the client account.
      signers - The signers of the client account.
      Returns:
      The set of signers that were found, excluding the server account ID.
      Throws:
      InvalidSep10ChallengeException - If the SEP-0010 validation fails.
      IllegalArgumentException - If reading the XDR string fails.
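
Added example (not part of the SDK documentation or the project's own code): readChallengeTransaction checks only the server signature, so a server must run one of the verifyChallengeTransaction* methods before treating a caller as authenticated. The code below issues a challenge and runs both checks before and after the client signs. The domains and class name are constructed, and KeyPair.random(), Network.TESTNET, TimeBounds(long, long), Transaction.sign(KeyPair), toEnvelopeXdrBase64() and getClientAccountId() are SDK calls assumed to be available in the version documented here.

```java
import java.util.Collections;
import java.util.Set;
import org.stellar.sdk.KeyPair;
import org.stellar.sdk.Network;
import org.stellar.sdk.Sep10Challenge;
import org.stellar.sdk.TimeBounds;
import org.stellar.sdk.Transaction;

public class Sep10VerifyExample {
  // Constructed sample domains; not taken from the page.
  static final String HOME = "example.com";
  static final String AUTH = "auth.example.com";

  // True only if verifyChallengeTransactionSigners accepts the envelope.
  // Catches Exception so the example does not depend on whether
  // InvalidSep10ChallengeException is checked in the SDK version in use.
  static boolean fullyVerified(String xdr, String serverId, Network net, Set<String> allowed) {
    try {
      Sep10Challenge.verifyChallengeTransactionSigners(xdr, serverId, net, HOME, AUTH, allowed);
      return true;
    } catch (Exception e) {
      return false;
    }
  }

  public static void main(String[] args) throws Exception {
    KeyPair server = KeyPair.random(); // throwaway keys for the demo
    KeyPair client = KeyPair.random();
    Network net = Network.TESTNET;
    long now = System.currentTimeMillis() / 1000L;

    // Server issues a challenge that is valid for five minutes.
    Transaction tx = Sep10Challenge.newChallenge(server, net, client.getAccountId(),
        HOME, AUTH, new TimeBounds(now, now + 300));
    String serverSignedOnly = tx.toEnvelopeXdrBase64();

    // Parses with the server signature alone: this proves nothing about the caller.
    String claimed = Sep10Challenge.readChallengeTransaction(
        serverSignedOnly, server.getAccountId(), net, HOME, AUTH).getClientAccountId();

    Set<String> allowed = Collections.singleton(client.getAccountId());
    System.out.println("claimed client:      " + claimed);
    System.out.println("before client signs: "
        + fullyVerified(serverSignedOnly, server.getAccountId(), net, allowed));
    tx.sign(client); // a real client decodes the XDR it received and signs that
    System.out.println("after client signs:  "
        + fullyVerified(tx.toEnvelopeXdrBase64(), server.getAccountId(), net, allowed));
  }
}
```

A server should issue its session token only on the path where fullyVerified returns true, and should pass the signers it has looked up for the claimed client account rather than a set supplied by the caller.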