stellar-sdk/com.soneso.stellar.sdk.sep.sep12/CallbackSignatureVerifier

CallbackSignatureVerifier

object CallbackSignatureVerifier

Deprecated

Moved to com.soneso.stellar.sdk.sep.common.CallbackSignatureVerifier. This shim is functionally equivalent and is scheduled for removal per the CHANGELOG.

Replace with

import com.soneso.stellar.sdk.sep.common.CallbackSignatureVerifier as SharedVerifier
Content copied to clipboard
SharedVerifier(signingKey = anchorSigningKey, registeredCallbackUrl = "https://$expectedHost/your-callback-path", freshnessSeconds = maxAgeSeconds)
Content copied to clipboard

Deprecated callback-signature helper. Kept as a thin shim over com.soneso.stellar.sdk.sep.common.CallbackSignatureVerifier so existing call sites continue to compile and produce bit-for-bit identical results.

Migrate to com.soneso.stellar.sdk.sep.common.CallbackSignatureVerifier. The new class exposes a sealed SharedVerifier.Result so callers can distinguish replay (Stale) from forgery (SignatureMismatch) in logs, pins host from a registered URL with port stripped, enforces HTTPS (with a loopback carve-out for local development), and applies a two-sided freshness check that additionally rejects future-dated forgery attempts.

Shim semantics

Internally this object routes through SharedVerifier.forShim so every v0.6.0 observable behaviour is preserved:

  • verify passes expectedHost verbatim into the canonical payload — no URL parsing, no port stripping, no HTTPS scheme check. Hosts like "localhost:8080", "myapp.com:8443", or the empty string all flow through unchanged.

  • Freshness is one-sided: future-dated timestamps are accepted as long as currentTime - signedTimestamp <= maxAgeSeconds.

  • parseSignatureHeader keeps its comma-split parser and IllegalArgumentException-on-malformed contract verbatim. It is NOT routed through the new class's tightened regex, so a header that the new class would reject as SharedVerifier.Result.MalformedHeader may still parse successfully through parseSignatureHeader. This is acceptable deprecation cost.

  • verify collapses all non-Valid outcomes (Stale, MalformedHeader, MissingHeader, SignatureMismatch) to false, matching the original Boolean return type. Consumers who want fine-grained diagnostics migrate to the new class.

Removal schedule is in the project CHANGELOG.md under the entry that introduced this deprecation.

See also

Functions

Link copied to clipboard
fun parseSignatureHeader(header: String): Pair<Long, String>

Parses the signature header into timestamp and signature components.

Link copied to clipboard
suspend fun verify(signatureHeader: String, requestBody: String, expectedHost: String, anchorSigningKey: String, maxAgeSeconds: Long = DEFAULT_SHIM_MAX_AGE_SECONDS): Boolean

Verifies a callback signature from a SEP-12 anchor.

Generated by Dokka
© 2026 Copyright