org.stellar.sdk

Class Sep45Challenge

java.lang.Object

org.stellar.sdk.Sep45Challenge

public class Sep45Challenge
extends java.lang.Object

Stellar Web Authentication Utilities for Contract Accounts (SEP-0045).

This class provides utilities for building, reading, and verifying SEP-45 challenge authorization entries for contract account authentication on the Stellar network.

See Also:

SEP-0045

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Sep45Challenge.ChallengeAuthorizationEntries Contains the parsed data from a SEP-45 challenge.

Field Summary

Fields

Modifier and Type	Field and Description
static long	DEFAULT_EXPIRE_IN_LEDGERS Default number of ledgers until authorization expires (~15 minutes at 5 seconds/ledger).
static java.lang.String	NULL_ACCOUNT A null account used for simulation purposes.
static java.lang.String	WEB_AUTH_VERIFY_FUNCTION_NAME The expected function name for SEP-45 web authentication.

Method Summary

Modifier and Type	Method and Description
static SorobanAuthorizationEntries	buildChallengeAuthorizationEntries(@NonNull SorobanServer server, @NonNull KeyPair serverSigner, @NonNull java.lang.String clientContractId, @NonNull java.lang.String homeDomain, @NonNull java.lang.String webAuthDomain, @NonNull java.lang.String webAuthContractId, @NonNull Network network, java.lang.String nonce, java.lang.Long expireInLedgers) Builds a SEP-45 challenge authorization entries for a client contract account.
static SorobanAuthorizationEntries	buildChallengeAuthorizationEntries(@NonNull SorobanServer server, @NonNull KeyPair serverSigner, @NonNull java.lang.String clientContractId, @NonNull java.lang.String homeDomain, @NonNull java.lang.String webAuthDomain, @NonNull java.lang.String webAuthContractId, @NonNull Network network, java.lang.String nonce, java.lang.Long expireInLedgers, java.lang.String clientDomain, java.lang.String clientDomainAccountId) Builds a SEP-45 challenge authorization entries for a client contract account with optional client domain verification.
static Sep45Challenge.ChallengeAuthorizationEntries	readChallengeAuthorizationEntries(@NonNull java.lang.String authorizationEntriesXdr, @NonNull java.lang.String serverAccountId, @NonNull java.lang.String webAuthContractId, @NonNull java.lang.String[] homeDomains, @NonNull java.lang.String webAuthDomain) Reads and validates a SEP-45 challenge authorization entries without verifying signatures.
static Sep45Challenge.ChallengeAuthorizationEntries	readChallengeAuthorizationEntries(@NonNull java.lang.String authorizationEntriesXdr, @NonNull java.lang.String serverAccountId, @NonNull java.lang.String webAuthContractId, @NonNull java.lang.String homeDomain, @NonNull java.lang.String webAuthDomain) Reads and validates a SEP-45 challenge authorization entries without verifying signatures.
static Sep45Challenge.ChallengeAuthorizationEntries	verifyChallengeAuthorizationEntries(@NonNull SorobanServer server, @NonNull java.lang.String authorizationEntriesXdr, @NonNull java.lang.String serverAccountId, @NonNull java.lang.String webAuthContractId, @NonNull java.lang.String[] homeDomains, @NonNull java.lang.String webAuthDomain, @NonNull Network network) Verifies a SEP-45 challenge authorization entries by simulating the transaction.
static Sep45Challenge.ChallengeAuthorizationEntries	verifyChallengeAuthorizationEntries(@NonNull SorobanServer server, @NonNull java.lang.String authorizationEntriesXdr, @NonNull java.lang.String serverAccountId, @NonNull java.lang.String webAuthContractId, @NonNull java.lang.String homeDomain, @NonNull java.lang.String webAuthDomain, @NonNull Network network) Verifies a SEP-45 challenge authorization entries by simulating the transaction.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

WEB_AUTH_VERIFY_FUNCTION_NAME

public static final java.lang.String WEB_AUTH_VERIFY_FUNCTION_NAME

The expected function name for SEP-45 web authentication.

See Also:

Constant Field Values

NULL_ACCOUNT

public static final java.lang.String NULL_ACCOUNT

A null account used for simulation purposes. This is the account "GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHF".

See Also:

Constant Field Values

DEFAULT_EXPIRE_IN_LEDGERS

public static final long DEFAULT_EXPIRE_IN_LEDGERS

Default number of ledgers until authorization expires (~15 minutes at 5 seconds/ledger).

See Also:

Constant Field Values

Method Detail

buildChallengeAuthorizationEntries

public static SorobanAuthorizationEntries buildChallengeAuthorizationEntries(@NonNull
                                                                             @NonNull SorobanServer server,
                                                                             @NonNull
                                                                             @NonNull KeyPair serverSigner,
                                                                             @NonNull
                                                                             @NonNull java.lang.String clientContractId,
                                                                             @NonNull
                                                                             @NonNull java.lang.String homeDomain,
                                                                             @NonNull
                                                                             @NonNull java.lang.String webAuthDomain,
                                                                             @NonNull
                                                                             @NonNull java.lang.String webAuthContractId,
                                                                             @NonNull
                                                                             @NonNull Network network,
                                                                             @Nullable
                                                                             java.lang.String nonce,
                                                                             @Nullable
                                                                             java.lang.Long expireInLedgers)

Builds a SEP-45 challenge authorization entries for a client contract account.

This method creates challenge authorization entries that can be used to authenticate a contract account.

Parameters:

server - The Soroban RPC server to use for simulating the transaction.

serverSigner - The server's signing keypair.

clientContractId - The client's contract account ID (C... address).

homeDomain - The home domain of the service requiring authentication.

webAuthDomain - The domain of the web authentication service.

webAuthContractId - The contract ID for the web authentication contract.

network - The Stellar network.

nonce - Optional nonce value. If null, a random 48-byte value will be generated and base64-encoded.

expireInLedgers - Number of ledgers from current ledger until authorization expires. If null, defaults to DEFAULT_EXPIRE_IN_LEDGERS (~15 minutes).

Returns:

A SorobanAuthorizationEntries containing the authentication entries.

Throws:

InvalidSep45ChallengeException - If building the challenge fails.

buildChallengeAuthorizationEntries

public static SorobanAuthorizationEntries buildChallengeAuthorizationEntries(@NonNull
                                                                             @NonNull SorobanServer server,
                                                                             @NonNull
                                                                             @NonNull KeyPair serverSigner,
                                                                             @NonNull
                                                                             @NonNull java.lang.String clientContractId,
                                                                             @NonNull
                                                                             @NonNull java.lang.String homeDomain,
                                                                             @NonNull
                                                                             @NonNull java.lang.String webAuthDomain,
                                                                             @NonNull
                                                                             @NonNull java.lang.String webAuthContractId,
                                                                             @NonNull
                                                                             @NonNull Network network,
                                                                             @Nullable
                                                                             java.lang.String nonce,
                                                                             @Nullable
                                                                             java.lang.Long expireInLedgers,
                                                                             @Nullable
                                                                             java.lang.String clientDomain,
                                                                             @Nullable
                                                                             java.lang.String clientDomainAccountId)

Builds a SEP-45 challenge authorization entries for a client contract account with optional client domain verification.

This method creates challenge authorization entries that can be used to authenticate a contract account, optionally including client domain verification.

Parameters:

server - The Soroban RPC server to use for simulating the transaction.

serverSigner - The server's signing keypair.

clientContractId - The client's contract account ID (C... address).

homeDomain - The home domain of the service requiring authentication.

webAuthDomain - The domain of the web authentication service.

webAuthContractId - The contract ID for the web authentication contract.

network - The Stellar network.

nonce - Optional nonce value. If null, a random 48-byte value will be generated and base64-encoded.

expireInLedgers - Number of ledgers from current ledger until authorization expires. If null, defaults to DEFAULT_EXPIRE_IN_LEDGERS (~15 minutes).

clientDomain - Optional client domain for client domain verification.

clientDomainAccountId - Optional client domain account ID (G... address) for verification.

Returns:

A SorobanAuthorizationEntries containing the authentication entries.

Throws:

InvalidSep45ChallengeException - If building the challenge fails.

readChallengeAuthorizationEntries

public static Sep45Challenge.ChallengeAuthorizationEntries readChallengeAuthorizationEntries(@NonNull
                                                                                             @NonNull java.lang.String authorizationEntriesXdr,
                                                                                             @NonNull
                                                                                             @NonNull java.lang.String serverAccountId,
                                                                                             @NonNull
                                                                                             @NonNull java.lang.String webAuthContractId,
                                                                                             @NonNull
                                                                                             @NonNull java.lang.String[] homeDomains,
                                                                                             @NonNull
                                                                                             @NonNull java.lang.String webAuthDomain)

Reads and validates a SEP-45 challenge authorization entries without verifying signatures.

This method decodes the authorization entries, validates their structure, and extracts the challenge data. It does not verify the signatures; use verifyChallengeAuthorizationEntries(org.stellar.sdk.SorobanServer, java.lang.String, java.lang.String, java.lang.String, java.lang.String[], java.lang.String, org.stellar.sdk.Network) for full verification.

Parameters:

authorizationEntriesXdr - The base64 XDR-encoded authorization entries.

serverAccountId - The expected server account ID (G... address).

webAuthContractId - The expected web authentication contract ID (C... address).

homeDomains - A list of acceptable home domains.

webAuthDomain - The expected web auth domain.

Returns:

A Sep45Challenge.ChallengeAuthorizationEntries object containing the parsed challenge data.

Throws:

InvalidSep45ChallengeException - If the challenge is invalid.

readChallengeAuthorizationEntries

public static Sep45Challenge.ChallengeAuthorizationEntries readChallengeAuthorizationEntries(@NonNull
                                                                                             @NonNull java.lang.String authorizationEntriesXdr,
                                                                                             @NonNull
                                                                                             @NonNull java.lang.String serverAccountId,
                                                                                             @NonNull
                                                                                             @NonNull java.lang.String webAuthContractId,
                                                                                             @NonNull
                                                                                             @NonNull java.lang.String homeDomain,
                                                                                             @NonNull
                                                                                             @NonNull java.lang.String webAuthDomain)

Reads and validates a SEP-45 challenge authorization entries without verifying signatures.

Parameters:

authorizationEntriesXdr - The base64 XDR-encoded authorization entries.

serverAccountId - The expected server account ID (G... address).

webAuthContractId - The expected web authentication contract ID (C... address).

homeDomain - The expected home domain.

webAuthDomain - The expected web auth domain.

Returns:

A Sep45Challenge.ChallengeAuthorizationEntries object containing the parsed challenge data.

Throws:

InvalidSep45ChallengeException - If the challenge is invalid.

verifyChallengeAuthorizationEntries

public static Sep45Challenge.ChallengeAuthorizationEntries verifyChallengeAuthorizationEntries(@NonNull
                                                                                               @NonNull SorobanServer server,
                                                                                               @NonNull
                                                                                               @NonNull java.lang.String authorizationEntriesXdr,
                                                                                               @NonNull
                                                                                               @NonNull java.lang.String serverAccountId,
                                                                                               @NonNull
                                                                                               @NonNull java.lang.String webAuthContractId,
                                                                                               @NonNull
                                                                                               @NonNull java.lang.String[] homeDomains,
                                                                                               @NonNull
                                                                                               @NonNull java.lang.String webAuthDomain,
                                                                                               @NonNull
                                                                                               @NonNull Network network)

Verifies a SEP-45 challenge authorization entries by simulating the transaction.

Since contract accounts cannot be queried for signers like traditional Stellar accounts, we verify signatures by simulating the transaction. A successful simulation indicates valid signatures.

Parameters:

server - The Soroban RPC server to use for simulating the transaction.

authorizationEntriesXdr - The base64 XDR-encoded authorization entries.

serverAccountId - The expected server account ID (G... address).

webAuthContractId - The expected web authentication contract ID (C... address).

homeDomains - A list of acceptable home domains.

webAuthDomain - The expected web auth domain.

network - The Stellar network.

Returns:

A Sep45Challenge.ChallengeAuthorizationEntries object containing the verified challenge data.

Throws:

InvalidSep45ChallengeException - If the challenge is invalid or verification fails.

verifyChallengeAuthorizationEntries

public static Sep45Challenge.ChallengeAuthorizationEntries verifyChallengeAuthorizationEntries(@NonNull
                                                                                               @NonNull SorobanServer server,
                                                                                               @NonNull
                                                                                               @NonNull java.lang.String authorizationEntriesXdr,
                                                                                               @NonNull
                                                                                               @NonNull java.lang.String serverAccountId,
                                                                                               @NonNull
                                                                                               @NonNull java.lang.String webAuthContractId,
                                                                                               @NonNull
                                                                                               @NonNull java.lang.String homeDomain,
                                                                                               @NonNull
                                                                                               @NonNull java.lang.String webAuthDomain,
                                                                                               @NonNull
                                                                                               @NonNull Network network)

Verifies a SEP-45 challenge authorization entries by simulating the transaction.

Parameters:

server - The Soroban RPC server to use for simulating the transaction.

authorizationEntriesXdr - The base64 XDR-encoded authorization entries.

serverAccountId - The expected server account ID (G... address).

webAuthContractId - The expected web authentication contract ID (C... address).

homeDomain - The expected home domain.

webAuthDomain - The expected web auth domain.

network - The Stellar network.

Returns:

A Sep45Challenge.ChallengeAuthorizationEntries object containing the verified challenge data.

Throws:

InvalidSep45ChallengeException - If the challenge is invalid or verification fails.