OZExternalSignerManager

public actor OZExternalSignerManager

Manager for external (non-passkey) signers in multi-signature smart-account operations.

Maintains two signer kinds:

  • Keypair signers (addFromSecret(secretKey:)): held in memory only; secret-key material is never persisted.
  • Wallet signers: surfaced from the live OZExternalWalletAdapter for the duration of the running process.

Example:

let address = try await manager.addFromSecret(secretKey: "SCZANGBA5YHT...")
Show on GitHub

Ed25519 state

Add signers

  • Adds an Ed25519 keypair signer from a raw secret key.

    Creates a KeyPair from the provided Stellar secret key (S-address) and stores it in memory. The keypair is never persisted to storage; it is lost when the application terminates or the manager is deinitialized.

    If a signer with the same G-address already exists (either keypair or wallet), the keypair signer takes precedence and overwrites the existing entry.

    Throws

    Invalid when the secret key is malformed or keypair creation otherwise fails.

    Declaration

    Swift

    public func addFromSecret(secretKey: String) async throws -> String

    Parameters

    secretKey

    A valid Stellar secret key (S-address, 56 characters).

    Return Value

    The derived G-address of the signer.

    Show on GitHub

Query signers

  • canSignFor(address:) Asynchronous

    Returns true when any keypair or connected-wallet adapter can sign for address.

    Declaration

    Swift

    public func canSignFor(address: String) async -> Bool
    Show on GitHub
  • get(address:) Asynchronous

    Gets information about a specific signer by address.

    Checks keypair signers first (which take precedence), then wallet signers.

    Declaration

    Swift

    public func get(address: String) async -> OZExternalSignerInfo?

    Parameters

    address

    The Stellar G-address to look up.

    Return Value

    The signer info, or nil when no signer exists for this address.

    Show on GitHub
  • getAll() Asynchronous

    Lists all managed external signers (both keypair and wallet).

    Keypair signers are listed first. When a G-address exists as both a keypair signer and a wallet signer, only the keypair entry is returned (keypair takes precedence).

    Declaration

    Swift

    public func getAll() async -> [OZExternalSignerInfo]

    Return Value

    All managed external signer info objects.

    Show on GitHub
  • hasSigners() Asynchronous

    Returns whether any external signers are registered (keypair or wallet).

    Declaration

    Swift

    public func hasSigners() async -> Bool

    Return Value

    true when at least one signer is managed.

    Show on GitHub

Sign auth entry

  • Signs an authorization-entry preimage with the appropriate signer for the given address.

    For keypair signers, the preimage XDR is base64-decoded, hashed with SHA-256, and signed directly with the in-memory Ed25519 keypair. For wallet signers, signing is delegated to signAuthEntry(preimageXdr:options:).

    Keypair signers take precedence over wallet signers when both exist for the same address; the wallet adapter is only consulted when no keypair signer matches.

    Throws

    NotFound when no signer is available for the address; SigningFailed when the signing operation fails.

    Declaration

    Swift

    public func signAuthEntry(
    address: String,
    authEntry: String
) async throws -> OZSignAuthEntryResult

    Parameters

    address

    The G-address identifying which signer to use.
    authEntry

    Base64-encoded HashIDPreimage XDR to sign.

    Return Value

    The signing result containing the base64-encoded raw Ed25519 signature and the signer address that produced it.

    Show on GitHub
  • remove(address:) Asynchronous

    Removes a signer by address.

    For keypair signers, removes the keypair from memory. For wallet signers, calls disconnectByAddress(address:) to release the adapter’s runtime state. Both paths run when present, so an address that is somehow registered as both a keypair and a wallet is fully cleared.

    Throws

    Rethrows any error raised by the adapter.

    Declaration

    Swift

    public func remove(address: String) async throws

    Parameters

    address

    The G-address of the signer to remove.
    Show on GitHub
  • removeAll() Asynchronous

    Removes all signers. Clears in-memory keypair signers, in-memory Ed25519 keypairs, and disconnects all external wallets. Failures propagate to the caller.

    Declaration

    Swift

    public func removeAll() async throws
    Show on GitHub

Ed25519 methods

  • Registers an Ed25519 signing keypair derived from a Stellar secret key.

    Creates a KeyPair from the supplied raw 32-byte Ed25519 secret seed and stores it in memory under the composite (verifierAddress, publicKey) key. The keypair is never persisted to storage and is lost when the application terminates or the manager is deinitialized.

    If a keypair is already registered for the same (verifierAddress, publicKey) pair, it is silently overwritten with the new one.

    Throws

    InvalidInput when verifierAddress is not a valid contract strkey or when secretKeyBytes is not exactly 32 bytes; Invalid when keypair construction fails.

    Declaration

    Swift

    public func addEd25519FromRawKey(secretKeyBytes: Data, verifierAddress: String) throws -> Data

    Parameters

    secretKeyBytes

    Raw 32-byte Ed25519 secret seed. Must be exactly 32 bytes.
    verifierAddress

    Contract address (C… strkey) of the Ed25519 verifier contract under which the signer is registered on-chain.

    Return Value

    The derived 32-byte Ed25519 public key.

    Show on GitHub

  • Returns whether a signing source is available for the given Ed25519 signer.

    Checks the adapter first (adapter-first precedence rule). When the adapter returns true for canSignFor(verifierAddress:publicKey:), this method returns true without consulting the in-memory registry. Falls back to checking whether an in-memory keypair is registered for (verifierAddress, publicKey).

    Declaration

    Swift

    public func canSignEd25519For(verifierAddress: String, publicKey: Data) -> Bool

    Parameters

    verifierAddress

    Contract address (C… strkey) of the Ed25519 verifier contract.
    publicKey

    32-byte Ed25519 public key identifying the signer slot.

    Return Value

    true when a signing source (adapter or in-memory keypair) can sign for this (verifierAddress, publicKey) pair.

    Show on GitHub

  • Produces a 64-byte Ed25519 signature over the supplied auth digest.

    Resolves the signing source using the adapter-first precedence rule: the adapter is consulted first via canSignFor(verifierAddress:publicKey:). If the adapter claims it can sign, it is invoked via signAuthDigest(authDigest:publicKey:). Otherwise the in-memory keypair registry is used. Throws when neither source is available.

    Throws

    InvalidInput when no signing source is registered; SigningFailed when the adapter or in-memory keypair fails.

    Declaration

    Swift

    public func signEd25519AuthDigest(
    verifierAddress: String,
    publicKey: Data,
    authDigest: Data
) async throws -> Data

    Parameters

    verifierAddress

    Contract address (C… strkey) of the Ed25519 verifier contract.
    publicKey

    32-byte Ed25519 public key identifying the signer slot.
    authDigest

    32-byte auth digest to sign.

    Return Value

    64-byte raw Ed25519 signature over authDigest.

    Show on GitHub

  • Removes a registered Ed25519 signer from the in-memory registry.

    Clears the keypair stored under (verifierAddress, publicKey). No-op when no keypair is registered for that pair. The adapter is not affected by this call.

    Declaration

    Swift

    public func removeEd25519(verifierAddress: String, publicKey: Data)

    Parameters

    verifierAddress

    Contract address (C… strkey) of the Ed25519 verifier contract.
    publicKey

    32-byte Ed25519 public key identifying the signer slot to remove.
    Show on GitHub