Callback Signature Verifier
Deprecated
Moved to com.soneso.stellar.sdk.sep.common.CallbackSignatureVerifier. This shim is functionally equivalent and is scheduled for removal per the CHANGELOG.
Replace with
import com.soneso.stellar.sdk.sep.common.CallbackSignatureVerifier as SharedVerifier
SharedVerifier(signingKey = anchorSigningKey, registeredCallbackUrl = "https://$expectedHost/your-callback-path", freshnessSeconds = maxAgeSeconds)
Deprecated callback-signature helper. Kept as a thin shim over com.soneso.stellar.sdk.sep.common.CallbackSignatureVerifier so existing call sites continue to compile and produce bit-for-bit identical results.
Migrate to com.soneso.stellar.sdk.sep.common.CallbackSignatureVerifier. The new class exposes a sealed SharedVerifier.Result so callers can distinguish replay (Stale) from forgery (SignatureMismatch) in logs, pins the host from a registered URL with the port stripped, enforces HTTPS (with a loopback carve-out for local development), and applies a two-sided freshness check that additionally rejects future-dated forgery attempts.
Shim semantics
Internally this object routes through SharedVerifier.forShim so every v0.6.0 observable behaviour is preserved:
verify passes expectedHost verbatim into the canonical payload: no URL parsing, no port stripping, no HTTPS scheme check. Hosts like "localhost:8080", "myapp.com:8443", or the empty string all flow through unchanged.
Freshness is one-sided: future-dated timestamps are accepted as long as currentTime - signedTimestamp <= maxAgeSeconds.
parseSignatureHeader keeps its comma-split parser and IllegalArgumentException-on-malformed contract verbatim. It is NOT routed through the new class's tightened regex, so a header that the new class would reject as SharedVerifier.Result.MalformedHeader may still parse successfully through parseSignatureHeader. This is acceptable deprecation cost.
verify collapses all non-Valid outcomes (Stale, MalformedHeader, MissingHeader, SignatureMismatch) to false, matching the original Boolean return type. Consumers who want fine-grained diagnostics migrate to the new class.
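The freshness and host-handling differences listed above, as an added example that is not the SDK's code. All function names are hypothetical, and the symmetric two-sided window, the loopback host list and the sample values are assumptions made for illustration.

```kotlin
import java.net.URI
import kotlin.math.abs

// Shim-style freshness as described above: only the "too old" side is bounded,
// so a timestamp ahead of the local clock always passes.
fun oneSidedFresh(now: Long, signedTs: Long, maxAge: Long): Boolean =
    now - signedTs <= maxAge

// Two-sided freshness (assumed symmetric window): timestamps too far in the
// past or in the future are both rejected.
fun twoSidedFresh(now: Long, signedTs: Long, maxAge: Long): Boolean =
    abs(now - signedTs) <= maxAge

// Host pinning from a registered URL (assumed rules): require https, allow
// plain http only for loopback hosts, and return the host without its port.
fun pinnedHost(registeredUrl: String): String {
    val uri = URI(registeredUrl)
    val host = requireNotNull(uri.host) { "URL has no host: $registeredUrl" }
    val loopback = host == "localhost" || host == "127.0.0.1" || host == "[::1]"
    require(uri.scheme == "https" || (uri.scheme == "http" && loopback)) {
        "HTTPS required for non-loopback host: $registeredUrl"
    }
    return host // URI.host never carries the port
}

fun main() {
    val now = 1_700_000_000L   // constructed clock value (epoch seconds)
    val maxAge = 300L          // constructed freshness window
    val stale = now - 301      // just outside the window
    val future = now + 86_400  // dated one day ahead of the clock

    // Both checks reject the stale timestamp.
    check(!oneSidedFresh(now, stale, maxAge))
    check(!twoSidedFresh(now, stale, maxAge))

    // Only the two-sided check rejects the future-dated timestamp.
    check(oneSidedFresh(now, future, maxAge))
    check(!twoSidedFresh(now, future, maxAge))

    // The port is dropped, loopback may use http, other hosts must use https.
    check(pinnedHost("https://myapp.com:8443/callback") == "myapp.com")
    check(pinnedHost("http://localhost:8080/callback") == "localhost")
    check(runCatching { pinnedHost("http://myapp.com/callback") }.isFailure)
    println("all checks passed")
}
```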
Removal schedule is in the project CHANGELOG.md under the entry that introduced this deprecation.