stellar-sdk 0.7.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3390d577fe288a6397d9f1c2844729023abc68b3147584211794d1d0eed294b2
-  data.tar.gz: 01ce41b3d2a9be6ea02196e14639a379955b584744435a622d7091840426358e
+  metadata.gz: d7c9a8f80386d8ae7e790f4cd5198968433c692417c2de7fd87d8d934d966e6a
+  data.tar.gz: d31590ea3a3a2d469f4f0fc5fe59232696c7d090a4ab70415d823fed3a9228b1
 SHA512:
-  metadata.gz: c740fe9977ea1dd2ae41ce0f2c4001eec2142d3adafe2739a2ec7deed9ba60f31419ad1f63c8d63b91cbc565146f855f5041f4171e2e324bda8770f1eae7d12b
-  data.tar.gz: 563d52017e9767190f0bd09d1fdf0dfe17903dfb55820b53ca24be6eabd2e4cc8d3896a6bf4148ee6f2fcdbec89fecba08ec7b012a5d2258bf6fd354bbac28d0
+  metadata.gz: 45d62b035a05bdcdf5f93bf696e67e490a7f87df4b4e64b43503eb7e91a0b7dcfe7d4b8556119a0db9021ed32c8f2bf98684470bf58dae383d78fb44e67f8324
+  data.tar.gz: 919b5641f08bd77ada6f39b0eac25e89a4aa8b66d27c7b32bdbfa2efe26b701551612d7b997750185124f6de3252a5013390982032c771a26103d3e2dc367b66

data/.gitignore

@@ -14,3 +14,4 @@
 *.a
 mkmf.log
 /spec/config.yml
+.vscode

data/.travis.yml

@@ -3,14 +3,15 @@ rvm:
 - 2.4.1
 - 2.5.1
 - 2.6.1
-- jruby-9.1.6.0
+- jruby-9.2.5.0
 cache: bundler
+addons:
+  apt:
+    packages:
+    - libsodium-dev
 before_install:
   - gem update --system
   - gem install bundler -v 2.0
-  - sudo add-apt-repository -y ppa:chris-lea/libsodium
-  - sudo apt-get -y update
-  - sudo apt-get install -y libsodium-dev
 script: LD_LIBRARY_PATH=lib bundle exec rake travis
 before_script:
   - cp spec/config.yml.sample spec/config.yml

data/CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.8.0](https://github.com/stellar/ruby-stellar-sdk/compare/v0.7.0...v0.8.0)
+### Added
+- SEP-10 Multisig Support [#69](https://github.com/stellar/ruby-stellar-sdk/pull/69)
+- `X-Client-Name` and `X-Client-Version` headers
+
 ## [0.7.0] - 2019-04-26
 ### Added
 - Friendbot support

data/README.md

@@ -1,9 +1,7 @@
 # Ruby Stellar
 
-[![Build Status](https://travis-ci.org/stellar/ruby-stellar-sdk.svg)](https://travis-ci.org/stellar/ruby-stellar-sdk)
-[![Code Climate](https://codeclimate.com/github/stellar/ruby-stellar-sdk/badges/gpa.svg)](https://codeclimate.com/github/stellar/ruby-stellar-sdk)
-
-*STATUS:  this library is very early and incomplete.  The examples provided do not work, yet*
+[![Build Status](https://travis-ci.org/bloom-solutions/ruby-stellar-sdk.svg)](https://travis-ci.org/bloom-solutions/ruby-stellar-sdk)
+[![Code Climate](https://codeclimate.com/github/bloom-solutions/ruby-stellar-sdk/badges/gpa.svg)](https://codeclimate.com/github/bloom-solutions/ruby-stellar-sdk)
 
 This library helps you to integrate your application into the [Stellar network](http://stellar.org).
 
@@ -45,7 +43,7 @@ client.send_payment({
 }) 
 ```
 
-Be sure to set the network when submitting to the public network (more information in [stellar-base](https://www.github.com/stellar/ruby-stellar-base)):
+Be sure to set the network when submitting to the public network (more information in [stellar-base](https://www.github.com/bloom-solutions/ruby-stellar-base)):
 
 ```ruby
 Stellar.default_network = Stellar::Networks::PUBLIC
@@ -53,14 +51,17 @@ Stellar.default_network = Stellar::Networks::PUBLIC
 
 ## Development
 
+- Install and activate [rvm](https://rvm.io/rvm/install)
+- Ensure your `bundler` version is up-to-date: `gem install bundler`
+- Run `bundle install`
 - Copy `spec/config.yml.sample` to `spec/config.yml`
 - Replace anything in `spec/config.yml` especially if you will re-record specs
-- `rspec spec`
+- `bundle exec rspec spec`
 
 ## Contributing
 
 1. Sign the [Contributor License Agreement](https://docs.google.com/forms/d/1g7EF6PERciwn7zfmfke5Sir2n10yddGGSXyZsq98tVY/viewform?usp=send_form)
-2. Fork it ( https://github.com/stellar/ruby-stellar-lib/fork )
+2. Fork it ( https://github.com/bloom-solutions/ruby-stellar-lib/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)

data/examples/07_sep10.rb

@@ -0,0 +1,125 @@
+require 'stellar-sdk'
+require 'hyperclient'
+
+$client = Stellar::Client.default_testnet
+$client_master_kp = Stellar::KeyPair.random
+$client_signer_kp1 = Stellar::KeyPair.random
+$client_signer_kp2 = Stellar::KeyPair.random
+$server_kp = Stellar::KeyPair.random
+
+def setup_multisig
+  # create funded account
+  # On mainet there is no friendbot, use Stellar::Client.create_account instead
+  account = Stellar::Account.from_seed($client_master_kp.seed)
+  $client.friendbot(account)
+
+  # get account sequence number for next transaction
+  sequence_number = $client.account_info(account).sequence.to_i + 1
+
+  # build the non-master signers to be added to the account
+  signer1 = Stellar::Signer.new(
+    key: Stellar::SignerKey.ed25519($client_signer_kp1),
+    weight: 1
+  )
+  signer2 = Stellar::Signer.new(
+    key: Stellar::SignerKey.ed25519($client_signer_kp2),
+    weight: 1
+  )
+
+  # Stellar::Transaction only has method to construct single-operation 
+  # transactions, so we have to add an operation to add an additional signer.
+  tx = Stellar::Transaction.set_options({
+    account: $client_master_kp,
+    sequence: sequence_number,
+    signer: signer1,
+    low_threshold: 1, 
+    med_threshold: 2,
+    high_threshold: 3,
+    fee: 100 * 3
+  })
+  tx.operations << Stellar::Operation.set_options({ signer: signer2 })
+
+  envelope_xdr = tx.to_envelope($client_master_kp).to_xdr(:base64)
+  begin
+    $client.horizon.transactions._post(tx: envelope_xdr)
+  rescue Faraday::ClientError => e
+    p e.response
+  end
+end
+
+
+# This function walks throught the steps both the wallet and server would take
+# during a SEP-10 challenge verification.
+def example_verify_challenge_tx_threshold
+  # 1. The wallet makes a GET request to /auth,
+  # 2. The server receives the request, and returns the challenge xdr.
+  envelope_xdr = Stellar::SEP10.build_challenge_tx(
+    server: $server_kp,
+    client: $client_master_kp,
+    anchor_name: "SDF",
+    timeout: 600
+  )
+  # 3. The wallet recieves the challenge xdr and collects enough signatures from
+  #    the accounts signers to reach the medium threshold on the account.
+  #    `envelope.signatures` already contains the server's signature, so the wallet 
+  #    adds to the list.
+  envelope = Stellar::TransactionEnvelope.from_xdr(envelope_xdr, "base64")
+  envelope.signatures += [
+    envelope.tx.sign_decorated($client_master_kp),
+    envelope.tx.sign_decorated($client_signer_kp1),
+    envelope.tx.sign_decorated($client_signer_kp2)
+  ]
+  envelope_xdr = envelope.to_xdr(:base64)
+
+  # 4. The wallet makes a POST request to /auth containing the signed challenge
+  # 5. The server verifies the challenge transaction
+  envelope, client_master_address = Stellar::SEP10.read_challenge_tx(
+    challenge_xdr: envelope_xdr,
+    server: $server_kp
+  )
+  account = Stellar::Account.from_address(client_master_address)
+  begin
+    # Get all signers and thresholds for account
+    info = $client.account_info(account)
+  rescue Faraday::ResourceNotFound
+    # The account doesn't exist yet.
+    # In this situation, all the server can do is verify that the client master 
+    # keypair has signed the transaction.
+    begin
+      Stellar::SEP10.verify_challenge_tx(
+        challenge_xdr: envelope_xdr, server: $server_kp
+      )
+    rescue Stellar::InvalidSep10ChallengeError => e
+      puts "You should handle possible exceptions:"
+      puts e
+    else
+      puts "Challenge verified by client master key signature"
+    end
+  else
+    # The account exists, so the server should check if the signatures reach the
+    # medium threshold on the account
+    begin
+      signers_found = Stellar::SEP10.verify_challenge_tx_threshold(
+        challenge_xdr: envelope_xdr,
+        server: $server_kp,
+        threshold: info.thresholds["med_threshold"],
+        signers: Set.new(info.signers)
+      )
+    rescue Stellar::InvalidSep10ChallengeError => e
+      puts "You should handle possible exceptions:"
+      puts e
+    else
+      puts "Challenge signatures and threshold verified!"
+      total_weight = 0
+      signers_found.each do |signer|
+        total_weight += signer['weight']
+        puts "signer: #{signer['key']}, weight: #{signer['weight']}"
+      end
+      puts "Account medium threshold: #{info.thresholds["med_threshold"]}, total signature(s) weight: #{total_weight}"
+    end
+  end
+end
+
+# Comment out setup_multisig to execute Stellar::Account.verify_challenge_transaction
+setup_multisig
+example_verify_challenge_tx_threshold

data/lib/stellar-sdk.rb

@@ -4,9 +4,9 @@ require 'contracts'
 module Stellar
 
   autoload :Account
-  autoload :AccountInfo
   autoload :Amount
   autoload :Client
+  autoload :SEP10
 
   module Horizon
     extend ActiveSupport::Autoload

data/lib/stellar/client.rb

@@ -1,7 +1,10 @@
 require 'hyperclient'
 require "active_support/core_ext/object/blank"
+require 'securerandom'
 
 module Stellar
+  class InvalidSep10ChallengeError < StandardError; end
+
   class Client
     include Contracts
     C = Contracts
@@ -46,14 +49,20 @@ module Stellar
           conn.adapter :excon
         end
         client.headers = {
-          'Accept' => 'application/hal+json,application/problem+json,application/json'
+          'Accept' => 'application/hal+json,application/problem+json,application/json',
+          "X-Client-Name" => "ruby-stellar-sdk",
+          "X-Client-Version" => VERSION,
         }
       end
     end
 
-    Contract Stellar::Account => Any
-    def account_info(account)
-      account_id  = account.address
+    Contract Or[Stellar::Account, String] => Any
+    def account_info(account_or_address)
+      if account_or_address.is_a?(Stellar::Account)
+        account_id = account_or_address.address
+      else
+        account_id = account_or_address
+      end
       @horizon.account(account_id:account_id)._get
     end
 
@@ -187,5 +196,64 @@ module Stellar
       horizon.transactions._post(tx: envelope_base64)
     end
 
+    Contract(C::KeywordArgs[
+      server: Stellar::KeyPair,
+      client: Stellar::KeyPair,
+      anchor_name: String,
+      timeout: C::Optional[Integer]
+    ] => String)
+    # DEPRECATED: this function has been moved Stellar::SEP10.build_challenge_tx and
+    # will be removed in the next major version release.
+    #
+    # A wrapper function for Stellar::SEP10::build_challenge_tx.
+    # 
+    # @param server [Stellar::KeyPair] Keypair for server's signing account.
+    # @param client [Stellar::KeyPair] Keypair for the account whishing to authenticate with the server.
+    # @param anchor_name [String] Anchor's name to be used in the manage_data key.
+    # @param timeout [Integer] Challenge duration (default to 5 minutes).
+    #
+    # @return [String] A base64 encoded string of the raw TransactionEnvelope xdr struct for the transaction.
+    def build_challenge_tx(server:, client:, anchor_name:, timeout: 300)
+      Stellar::SEP10.build_challenge_tx(
+        server: server, client: client, anchor_name: anchor_name, timeout: timeout
+      )
+    end
+
+    Contract(C::KeywordArgs[
+      challenge: String,
+      server: Stellar::KeyPair
+    ] => C::Bool)    
+    # DEPRECATED: this function has been moved to Stellar::SEP10::read_challenge_tx and
+    # will be removed in the next major version release.
+    #
+    # A wrapper function for Stellar::SEP10.verify_challenge_transaction
+    #
+    # @param challenge [String] SEP0010 transaction challenge in base64.
+    # @param server [Stellar::KeyPair] Stellar::KeyPair for server where the challenge was generated.
+    #
+    # @return [Boolean]
+    def verify_challenge_tx(challenge:, server:)
+      Stellar::SEP10.verify_challenge_tx(challenge_tx: challenge, server: server)
+      true
+    end
+
+    Contract(C::KeywordArgs[
+      transaction_envelope: Stellar::TransactionEnvelope,
+      keypair: Stellar::KeyPair
+    ] => C::Bool)
+    # DEPRECATED: this function has been moved to Stellar::SEP10::verify_tx_signed_by and
+    # will be removed in the next major version release.
+    #
+    # @param transaction_envelope [Stellar::TransactionEnvelope] 
+    # @param keypair [Stellar::KeyPair]
+    #
+    # @return [Boolean]
+    #
+    def verify_tx_signed_by(transaction_envelope:, keypair:)
+      Stellar::SEP10.verify_tx_signed_by(
+        tx_envelope: transaction_envelope, keypair: keypair
+      )
+    end
+    
   end
 end

data/lib/stellar/sep10.rb

@@ -0,0 +1,384 @@
+module Stellar
+  class InvalidSep10ChallengeError < StandardError; end
+
+  class SEP10
+    include Contracts
+    C = Contracts
+
+    Contract(C::KeywordArgs[
+      server: Stellar::KeyPair,
+      client: Stellar::KeyPair,
+      anchor_name: String,
+      timeout: C::Optional[Integer]
+    ] => String)
+    #
+    # Helper method to create a valid {SEP0010}[https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md]
+    # challenge transaction which you can use for Stellar Web Authentication.
+    #    
+    # @param server [Stellar::KeyPair] Keypair for server's signing account.
+    # @param client [Stellar::KeyPair] Keypair for the account whishing to authenticate with the server.
+    # @param anchor_name [String] Anchor's name to be used in the manage_data key.
+    # @param timeout [Integer] Challenge duration (default to 5 minutes).
+    #
+    # @return [String] A base64 encoded string of the raw TransactionEnvelope xdr struct for the transaction.
+    #
+    # = Example
+    # 
+    #   Stellar::SEP10.build_challenge_tx(server: server, client: user, anchor_name: anchor, timeout: timeout) 
+    # 
+    # @see {SEP0010: Stellar Web Authentication}[https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md]
+    def self.build_challenge_tx(server:, client:, anchor_name:, timeout: 300)
+      # The value must be 64 bytes long. It contains a 48 byte
+      # cryptographic-quality random string encoded using base64 (for a total of
+      # 64 bytes after encoding).
+      value = SecureRandom.base64(48)
+            
+      tx = Stellar::Transaction.manage_data({
+        account: server,
+        sequence:  0,
+        name: "#{anchor_name} auth", 
+        value: value,
+        source_account: client
+      })
+
+      now = Time.now.to_i
+      tx.time_bounds = Stellar::TimeBounds.new(
+        min_time: now, 
+        max_time: now + timeout
+      )
+
+      tx.to_envelope(server).to_xdr(:base64)
+    end
+
+
+    Contract(C::KeywordArgs[
+      challenge_xdr: String,
+      server: Stellar::KeyPair
+    ] => [Stellar::TransactionEnvelope, String])    
+    # Reads a SEP 10 challenge transaction and returns the decoded transaction envelope and client account ID contained within.
+    #
+    # It also verifies that transaction is signed by the server.
+    #
+    # It does not verify that the transaction has been signed by the client or
+    # that any signatures other than the servers on the transaction are valid. Use
+    # one of the following functions to completely verify the transaction:
+    #    - Stellar::SEP10.verify_challenge_tx_threshold
+    #    - Stellar::SEP10.verify_challenge_tx_signers
+    #
+    # @param challenge_xdr [String] SEP0010 transaction challenge in base64.
+    # @param server [Stellar::KeyPair] keypair for server where the challenge was generated.
+    #
+    # @return [Stellar::TransactionEnvelope, String]
+    #
+    # = Example
+    # 
+    #   sep10 = Stellar::SEP10
+    #   challenge = sep10.build_challenge_tx(server: server, client: user, anchor_name: anchor, timeout: timeout) 
+    #   envelope, client_address = sep10.read_challenge_tx(challenge: challenge, server: server)
+    #
+    def self.read_challenge_tx(challenge_xdr:, server:)
+      envelope = Stellar::TransactionEnvelope.from_xdr(challenge_xdr, "base64") 
+      transaction = envelope.tx
+
+      if transaction.seq_num != 0
+        raise InvalidSep10ChallengeError.new(
+          "The transaction sequence number should be zero"
+        )
+      end
+
+      if transaction.source_account != server.public_key
+        raise InvalidSep10ChallengeError.new(
+          "The transaction source account is not equal to the server's account"
+        )
+      end
+
+      if transaction.operations.size != 1
+        raise InvalidSep10ChallengeError.new(
+          "The transaction should contain only one operation"
+        )
+      end
+
+      operation = transaction.operations.first
+      client_account_id = operation.source_account
+
+      if client_account_id.nil?
+        raise InvalidSep10ChallengeError.new(
+          "The transaction's operation should contain a source account"
+        )
+      end
+
+      if operation.body.arm != :manage_data_op
+        raise InvalidSep10ChallengeError.new(
+          "The transaction's operation should be manageData"
+        )
+      end
+
+      if operation.body.value.data_value.unpack("m")[0].size !=  48
+        raise InvalidSep10ChallengeError.new(
+          "The transaction's operation value should be a 64 bytes base64 random string"
+        )
+      end
+
+      if !verify_tx_signed_by(tx_envelope: envelope, keypair: server)
+        raise InvalidSep10ChallengeError.new(
+          "The transaction is not signed by the server"
+        )
+      end
+
+      time_bounds = transaction.time_bounds
+      now = Time.now.to_i
+
+      if time_bounds.nil? || !now.between?(time_bounds.min_time, time_bounds.max_time)
+        raise InvalidSep10ChallengeError.new("The transaction has expired")        
+      end
+
+      # Mirror the return type of the other SDK's and return a string
+      client_kp = Stellar::KeyPair.from_public_key(client_account_id.ed25519!)
+
+      return envelope, client_kp.address
+    end
+
+
+    Contract(C::KeywordArgs[
+      challenge_xdr: String,
+      server: Stellar::KeyPair,
+      signers: SetOf[String]
+    ] => C::SetOf[String])
+    # Verifies that for a SEP 10 challenge transaction all signatures on the transaction are accounted for.
+    #
+    # A transaction is verified if it is signed by the server account, and all other signatures match a signer 
+    # that has been provided as an argument. Additional signers can be provided that do not have a signature, 
+    # but all signatures must be matched to a signer for verification to succeed. 
+    #
+    # If verification succeeds a list of signers that were found is returned, excluding the server account ID.
+    #
+    # @param challenge_xdr [String] SEP0010 transaction challenge transaction in base64.
+    # @param server [Stellar::Keypair] keypair for server's account.
+    # @param signers [SetOf[String]] The signers of client account.
+    #
+    # @return [SetOf[String]]
+    #
+    # Raises a InvalidSep10ChallengeError if:
+    #     - The transaction is invalid according to Stellar::SEP10.read_challenge_tx.
+    #     - One or more signatures in the transaction are not identifiable as the server account or one of the 
+    #       signers provided in the arguments.
+    def self.verify_challenge_tx_signers(
+      challenge_xdr:,
+      server:,
+      signers:
+    )
+      if signers.empty?
+        raise InvalidSep10ChallengeError.new("No signers provided.")
+      end
+
+      te, _ = read_challenge_tx(
+        challenge_xdr: challenge_xdr, server: server
+      )
+
+      # deduplicate signers and ignore non-G addresses
+      client_signers = Set.new
+      signers.each do |signer|
+        # ignore server kp if passed
+        if signer == server.address
+          next
+        end
+        begin
+          Stellar::Util::StrKey.check_decode(:account_id, signer)
+        rescue
+          next
+        else
+          client_signers.add(signer)
+        end
+      end
+
+      if client_signers.empty?
+        raise InvalidSep10ChallengeError.new("At least one signer with a G... address must be provied") 
+      end
+
+      # verify all signatures in one pass
+      all_signers = client_signers + Set[server.address]
+      signers_found = verify_tx_signatures(
+        tx_envelope: te, signers: all_signers
+      )
+
+      # ensure server signed transaction and remove it
+      if !signers_found.delete?(server.address)
+        raise InvalidSep10ChallengeError.new("Transaction not signed by server: #{server.address}")
+      end
+
+      # Confirm we matched signatures to the client signers.
+      if signers_found.empty?
+        raise InvalidSep10ChallengeError.new("Transaction not signed by any client signer.")
+      end
+
+      # Confirm all signatures were consumed by a signer.
+      if signers_found.length != te.signatures.length - 1
+        raise InvalidSep10ChallengeError.new("Transaction has unrecognized signatures.")
+      end
+
+      return signers_found
+
+    end
+
+    Contract(C::KeywordArgs[
+      challenge_xdr: String,
+      server: Stellar::KeyPair,
+      threshold: Integer,
+      signers: SetOf[::Hash],
+    ] => C::SetOf[::Hash])
+    # Verifies that for a SEP 10 challenge transaction all signatures on the transaction 
+    # are accounted for and that the signatures meet a threshold on an account. A 
+    # transaction is verified if it is signed by the server account, and all other 
+    # signatures match a signer that has been provided as an argument, and those 
+    # signatures meet a threshold on the account.
+    #
+    # @param challenge_xdr [String] SEP0010 transaction challenge transaction in base64.
+    # @param server [Stellar::KeyPair] keypair for server's account.
+    # @param threshold [Integer] The medThreshold on the client account.
+    # @param signers [SetOf[::Hash]]The signers of client account.
+    #
+    # @return [SetOf[::Hash]]
+    #
+    # Raises a InvalidSep10ChallengeError if:
+    #   - The transaction is invalid according to Stellar::SEP10.read_challenge_transaction.
+    #   - One or more signatures in the transaction are not identifiable as the server 
+    #     account or one of the signers provided in the arguments.
+    #   - The signatures are all valid but do not meet the threshold.
+    def self.verify_challenge_tx_threshold(
+      challenge_xdr:,
+      server:,
+      threshold:,
+      signers:
+    )
+      signer_str_set = signers.map { |s| s['key'] }.to_set
+      signer_strs_found = verify_challenge_tx_signers(
+        challenge_xdr: challenge_xdr, 
+        server: server, 
+        signers: signer_str_set
+      )
+  
+      weight = 0
+      signers_found = Set.new
+      signers.each do |s|
+        if !signer_strs_found.include?(s['key'])
+          next
+        end
+        signer_strs_found.delete(s['key'])
+        signers_found.add(s)
+        weight += s['weight']
+      end
+
+      if weight < threshold
+        raise InvalidSep10ChallengeError.new(
+          "signers with weight #{weight} do not meet threshold #{threshold}."
+        )
+      end
+  
+      return signers_found
+    end
+
+    Contract(C::KeywordArgs[
+      challenge_xdr: String, 
+      server: Stellar::KeyPair
+    ] => nil)
+    # DEPRECATED: Use verify_challenge_tx_signers instead.
+    # This function does not support multiple client signatures.
+    #
+    # Verifies if a transaction is a valid per SEP-10 challenge transaction, if the validation 
+    # fails, an exception will be thrown.
+    #
+    # This function performs the following checks:
+    #   1. verify that transaction sequenceNumber is equal to zero;
+    #   2. verify that transaction source account is equal to the server's signing key;
+    #   3. verify that transaction has time bounds set, and that current time is between the minimum and maximum bounds;
+    #   4. verify that transaction contains a single Manage Data operation and it's source account is not null;
+    #   5. verify that transaction envelope has a correct signature by server's signing key;
+    #   6. verify that transaction envelope has a correct signature by the operation's source account;
+    #
+    # @param challenge_xdr [String] SEP0010 transaction challenge transaction in base64.
+    # @param server [Stellar::KeyPair] keypair for server's account.
+    #
+    # Raises a InvalidSep10ChallengeError if the validation fails
+    def self.verify_challenge_tx(
+      challenge_xdr: String, server: Stellar::KeyPair
+    )
+      transaction_envelope, client_address = read_challenge_tx(
+          challenge_xdr: challenge_xdr, server: server
+      )
+      client_keypair = Stellar::KeyPair.from_address(client_address)
+      if !verify_tx_signed_by(tx_envelope: transaction_envelope, keypair: client_keypair)
+        raise InvalidSep10ChallengeError.new(
+            "Transaction not signed by client: %s" % [client_keypair.address]
+        )
+      end
+    end
+
+    Contract(C::KeywordArgs[
+      tx_envelope: Stellar::TransactionEnvelope, 
+      signers: SetOf[String]
+    ] => SetOf[String])
+    # Verifies every signer passed matches a signature on the transaction exactly once,
+    # returning a list of unique signers that were found to have signed the transaction.
+    #
+    # @param tx_envelope [Stellar::TransactionEnvelope] SEP0010 transaction challenge transaction envelope.
+    # @param signers [SetOf[String]] The signers of client account.
+    #
+    # @return [SetOf[String]]
+    def self.verify_tx_signatures(
+      tx_envelope:,
+      signers:
+    )
+      signatures = tx_envelope.signatures
+      if signatures.empty?
+        raise InvalidSep10ChallengeError.new("Transaction has no signatures.")
+      end
+
+      tx_hash = tx_envelope.tx.hash
+      signatures_used = Set.new
+      signers_found = Set.new
+      signers.each do |signer|
+        kp = Stellar::KeyPair.from_address(signer)
+        tx_envelope.signatures.each_with_index do |sig, i|
+          if signatures_used.include?(i)
+            next
+          end
+          if sig.hint != kp.signature_hint
+            next
+          end
+          if kp.verify(sig.signature, tx_hash)
+            signatures_used.add(i)
+            signers_found.add(signer)
+          end
+        end
+      end
+
+      return signers_found
+    end
+
+    Contract(C::KeywordArgs[
+      tx_envelope: Stellar::TransactionEnvelope,
+      keypair: Stellar::KeyPair
+    ] => C::Bool)
+    # Verifies if a Stellar::TransactionEnvelope was signed by the given Stellar::KeyPair
+    #
+    # @param tx_envelope [Stellar::TransactionEnvelope] 
+    # @param keypair [Stellar::KeyPair]
+    #
+    # @return [Boolean]
+    #
+    # = Example
+    # 
+    #   Stellar::SEP10.verify_tx_signed_by(tx_envelope: envelope, keypair: keypair)
+    #
+    def self.verify_tx_signed_by(tx_envelope:, keypair:)
+      tx_hash = tx_envelope.tx.hash
+      tx_envelope.signatures.any? do |sig| 
+        if sig.hint != keypair.signature_hint
+          next
+        end
+        keypair.verify(sig.signature, tx_hash)
+      end
+    end
+
+  end
+end