/**
* Stellar Web Authentication
* @module WebAuth
* @see {@link https://stellar.org/protocol-10 | SEP-10 Specification}
*/
import { FeeBumpTransaction, Keypair, Transaction } from "@stellar/stellar-base";
import { ServerApi } from "../horizon/server_api";
/**
* Returns a valid {@link https://stellar.org/protocol/sep-10 | SEP-10}
* challenge transaction which you can use for Stellar Web Authentication.
*
* @param {Keypair} serverKeypair Keypair for server's signing account.
* @param {string} clientAccountID The stellar account (G...) or muxed account
* (M...) that the wallet wishes to authenticate with the server.
* @param {string} homeDomain The fully qualified domain name of the service
* requiring authentication
* @param {number} [timeout=300] Challenge duration (default to 5 minutes).
* @param {string} networkPassphrase The network passphrase. If you pass this
* argument then timeout is required.
* @param {string} webAuthDomain The fully qualified domain name of the service
* issuing the challenge.
* @param {string} [memo] The memo to attach to the challenge transaction. The
* memo must be of type `id`. If the `clientaccountID` is a muxed account,
* memos cannot be used.
* @param {string} [clientDomain] The fully qualified domain of the client
* requesting the challenge. Only necessary when the the 'client_domain'
* parameter is passed.
* @param {string} [clientSigningKey] The public key assigned to the SIGNING_KEY
* attribute specified on the stellar.toml hosted on the client domain. Only
* necessary when the 'client_domain' parameter is passed.
* @returns {string} A base64 encoded string of the raw TransactionEnvelope xdr
* struct for the transaction.
* @throws {Error} Will throw if `clientAccountID is a muxed account, and `memo`
* is present.
* @throws {Error} Will throw if `clientDomain` is provided, but
* `clientSigningKey` is missing
*
* @see {@link https://stellar.org/protocol/sep-10 | SEP-10: Stellar Web Auth}
*
* @example
* import { Keypair, Networks, WebAuth } from 'stellar-sdk'
*
* let serverKeyPair = Keypair.fromSecret("server-secret")
* let challenge = WebAuth.buildChallengeTx(
* serverKeyPair,
* "client-stellar-account-id",
* "stellar.org",
* 300,
* Networks.TESTNET);
*/
export declare function buildChallengeTx(serverKeypair: Keypair, clientAccountID: string, homeDomain: string, timeout: number | undefined, networkPassphrase: string, webAuthDomain: string, memo?: string | null, clientDomain?: string | null, clientSigningKey?: string | null): string;
/**
* A parsed and validated challenge transaction, and some of its constituent details.
* @memberof module:WebAuth
*/
export type ChallengeTxDetails = {
/** The challenge transaction. */
tx: Transaction;
/** The Stellar public key (master key) used to sign the Manage Data operation. */
clientAccountId: string;
/** The matched home domain. */
matchedHomeDomain: string;
/** The memo attached to the transaction, which will be null if not present */
memo?: string;
};
/**
* Reads a SEP-10 challenge transaction and returns the decoded transaction and
* client account ID contained within.
*
* It also verifies that the transaction has been signed by the server.
*
* It does not verify that the transaction has been signed by the client or that
* any signatures other than the server's on the transaction are valid. Use one
* of the following functions to completely verify the transaction:
*
* - {@link module:WebAuth~verifyChallengeTxThreshold}
* - {@link module:WebAuth~verifyChallengeTxSigners}
*
* @param {string} challengeTx SEP0010 challenge transaction in base64.
* @param {string} serverAccountID The server's stellar account (public key).
* @param {string} networkPassphrase The network passphrase, e.g.: 'Test SDF
* Network ; September 2015' (see {@link Networks})
* @param {string | Array.<string>} homeDomains The home domain that is expected
* to be included in the first Manage Data operation's string key. If an
* array is provided, one of the domain names in the array must match.
* @param {string} webAuthDomain The home domain that is expected to be included
* as the value of the Manage Data operation with the 'web_auth_domain' key.
* If no such operation is included, this parameter is not used.
* @returns {module:WebAuth.ChallengeTxDetails} The actual transaction and the
* Stellar public key (master key) used to sign the Manage Data operation,
* the matched home domain, and the memo attached to the transaction, which
* will be null if not present.
*
* @see {@link https://stellar.org/protocol/sep-10 | SEP-10: Stellar Web Auth}
*/
export declare function readChallengeTx(challengeTx: string, serverAccountID: string, networkPassphrase: string, homeDomains: string | string[], webAuthDomain: string): {
tx: Transaction;
clientAccountID: string;
matchedHomeDomain: string;
memo: string | null;
};
/**
* Verifies that for a SEP-10 challenge transaction all signatures on the
* transaction are accounted for and that the signatures meet a threshold on an
* account. A transaction is verified if it is signed by the server account, and
* all other signatures match a signer that has been provided as an argument,
* and those signatures meet a threshold on the account.
*
* Signers that are not prefixed as an address/account ID strkey (G...) will be
* ignored.
*
* Errors will be raised if:
* - The transaction is invalid according to
* {@link module:WebAuth~readChallengeTx}.
* - No client signatures are found on the transaction.
* - One or more signatures in the transaction are not identifiable as the
* server account or one of the signers provided in the arguments.
* - The signatures are all valid but do not meet the threshold.
*
* @param {string} challengeTx SEP0010 challenge transaction in base64.
* @param {string} serverAccountID The server's stellar account (public key).
* @param {string} networkPassphrase The network passphrase, e.g.: 'Test SDF
* Network ; September 2015' (see {@link Networks}).
* @param {number} threshold The required signatures threshold for verifying
* this transaction.
* @param {Array.<ServerApi.AccountRecordSigners>} signerSummary a map of all
* authorized signers to their weights. It's used to validate if the
* transaction signatures have met the given threshold.
* @param {string | Array.<string>} homeDomains The home domain(s) that should
* be included in the first Manage Data operation's string key. Required in
* verifyChallengeTxSigners() => readChallengeTx().
* @param {string} webAuthDomain The home domain that is expected to be included
* as the value of the Manage Data operation with the 'web_auth_domain' key,
* if present. Used in verifyChallengeTxSigners() => readChallengeTx().
* @returns {Array.<string>} The list of signers public keys that have signed
* the transaction, excluding the server account ID, given that the threshold
* was met.
* @throws {module:WebAuth.InvalidChallengeError} Will throw if the collective
* weight of the transaction's signers does not meet the necessary threshold
* to verify this transaction.
*
* @see {@link https://stellar.org/protocol/sep-10 | SEP-10: Stellar Web Auth}
*
* @example
* import { Networks, TransactionBuilder, WebAuth } from 'stellar-sdk';
*
* const serverKP = Keypair.random();
* const clientKP1 = Keypair.random();
* const clientKP2 = Keypair.random();
*
* // Challenge, possibly built in the server side
* const challenge = WebAuth.buildChallengeTx(
* serverKP,
* clientKP1.publicKey(),
* "SDF",
* 300,
* Networks.TESTNET
* );
*
* // clock.tick(200); // Simulates a 200 ms delay when communicating from server to client
*
* // Transaction gathered from a challenge, possibly from the client side
* const transaction = TransactionBuilder.fromXDR(challenge, Networks.TESTNET);
* transaction.sign(clientKP1, clientKP2);
* const signedChallenge = transaction
* .toEnvelope()
* .toXDR("base64")
* .toString();
*
* // Defining the threshold and signerSummary
* const threshold = 3;
* const signerSummary = [
* {
* key: this.clientKP1.publicKey(),
* weight: 1,
* },
* {
* key: this.clientKP2.publicKey(),
* weight: 2,
* },
* ];
*
* // The result below should be equal to [clientKP1.publicKey(), clientKP2.publicKey()]
* WebAuth.verifyChallengeTxThreshold(
* signedChallenge,
* serverKP.publicKey(),
* Networks.TESTNET,
* threshold,
* signerSummary
* );
*/
export declare function verifyChallengeTxThreshold(challengeTx: string, serverAccountID: string, networkPassphrase: string, threshold: number, signerSummary: ServerApi.AccountRecordSigners[], homeDomains: string | string[], webAuthDomain: string): string[];
/**
* Verifies that for a SEP 10 challenge transaction all signatures on the
* transaction are accounted for. A transaction is verified if it is signed by
* the server account, and all other signatures match a signer that has been
* provided as an argument (as the accountIDs list). Additional signers can be
* provided that do not have a signature, but all signatures must be matched to
* a signer (accountIDs) for verification to succeed. If verification succeeds,
* a list of signers that were found is returned, not including the server
* account ID.
*
* Signers that are not prefixed as an address/account ID strkey (G...) will be
* ignored.
*
* Errors will be raised if:
* - The transaction is invalid according to
* {@link module:WebAuth~readChallengeTx}.
* - No client signatures are found on the transaction.
* - One or more signatures in the transaction are not identifiable as the
* server account or one of the signers provided in the arguments.
*
* @param {string} challengeTx SEP0010 challenge transaction in base64.
* @param {string} serverAccountID The server's stellar account (public key).
* @param {string} networkPassphrase The network passphrase, e.g.: 'Test SDF
* Network ; September 2015' (see {@link Networks}).
* @param {Array.<string>} signers The signers public keys. This list should
* contain the public keys for all signers that have signed the transaction.
* @param {string | Array.<string>} [homeDomains] The home domain(s) that should
* be included in the first Manage Data operation's string key. Required in
* readChallengeTx().
* @param {string} webAuthDomain The home domain that is expected to be included
* as the value of the Manage Data operation with the 'web_auth_domain' key,
* if present. Used in readChallengeTx().
* @returns {Array.<string>} The list of signers public keys that have signed
* the transaction, excluding the server account ID.
*
* @see {@link https://stellar.org/protocol/sep-10|SEP-10: Stellar Web Auth}
* @example
* import { Networks, TransactionBuilder, WebAuth } from 'stellar-sdk';
*
* const serverKP = Keypair.random();
* const clientKP1 = Keypair.random();
* const clientKP2 = Keypair.random();
*
* // Challenge, possibly built in the server side
* const challenge = WebAuth.buildChallengeTx(
* serverKP,
* clientKP1.publicKey(),
* "SDF",
* 300,
* Networks.TESTNET
* );
*
* // clock.tick(200); // Simulates a 200 ms delay when communicating from server to client
*
* // Transaction gathered from a challenge, possibly from the client side
* const transaction = TransactionBuilder.fromXDR(challenge, Networks.TESTNET);
* transaction.sign(clientKP1, clientKP2);
* const signedChallenge = transaction
* .toEnvelope()
* .toXDR("base64")
* .toString();
*
* // The result below should be equal to [clientKP1.publicKey(), clientKP2.publicKey()]
* WebAuth.verifyChallengeTxSigners(
* signedChallenge,
* serverKP.publicKey(),
* Networks.TESTNET,
* threshold,
* [clientKP1.publicKey(), clientKP2.publicKey()]
* );
*/
export declare function verifyChallengeTxSigners(challengeTx: string, serverAccountID: string, networkPassphrase: string, signers: string[], homeDomains: string | string[], webAuthDomain: string): string[];
/**
* Verifies if a transaction was signed by the given account id.
*
* @param {Transaction | FeeBumpTransaction} transaction The signed transaction.
* @param {string} accountID The signer's public key.
* @returns {boolean} Whether or not `accountID` was found to have signed the
* transaction.
*
* @example
* let keypair = Keypair.random();
* const account = new StellarSdk.Account(keypair.publicKey(), "-1");
*
* const transaction = new TransactionBuilder(account, { fee: 100 })
* .setTimeout(30)
* .build();
*
* transaction.sign(keypair)
* WebAuth.verifyTxSignedBy(transaction, keypair.publicKey())
*/
export declare function verifyTxSignedBy(transaction: FeeBumpTransaction | Transaction, accountID: string): boolean;
/**
* Checks if a transaction has been signed by one or more of the given signers,
* returning a list of non-repeated signers that were found to have signed the
* given transaction.
*
* @param {Transaction | FeeBumpTransaction} transaction The signed transaction.
* @param {Array.<string>} signers The signer's public keys.
* @returns {Array.<string>} A list of signers that were found to have signed
* the transaction.
*
* @example
* let keypair1 = Keypair.random();
* let keypair2 = Keypair.random();
* const account = new StellarSdk.Account(keypair1.publicKey(), "-1");
*
* const transaction = new TransactionBuilder(account, { fee: 100 })
* .setTimeout(30)
* .build();
*
* transaction.sign(keypair1, keypair2)
* WebAuth.gatherTxSigners(transaction, [keypair1.publicKey(), keypair2.publicKey()])
*/
export declare function gatherTxSigners(transaction: FeeBumpTransaction | Transaction, signers: string[]): string[];
Source