Merge 3925554 into afe345b

stellar-dotnet-sdk-test/WebAuthenticationTest.cs

@@ -32,6 +32,7 @@ public void TestBuildChallengeTransaction()
             CheckOperation(back, clientAccountId);
         }
 
+
         [TestMethod]
         public void TestBuildChallengeTransactionWithOptions()
         {
@@ -1562,5 +1563,23 @@ public void TestVerifyChallengeTransactionNotValidSubsequentDataOperation()
                 Assert.IsTrue(exception.Message.Contains("The transaction has operations that are unrecognized"));
             }
         }
+
+        [TestMethod]
+        public void TestBuildChallengeTransactionBadHomeDomain()
+        {
+            var serverKeypair = KeyPair.Random();
+            var clientAccountId = "GBDIT5GUJ7R5BXO3GJHFXJ6AZ5UQK6MNOIDMPQUSMXLIHTUNR2Q5CFNF";
+            var anchorName = "NET";
+            Network.UseTestNetwork();
+            try
+            {
+                var tx = WebAuthentication.BuildChallengeTransaction(serverKeypair, clientAccountId, anchorName);
+                WebAuthentication.ReadChallengeTransaction(tx, serverKeypair.AccountId, $"{anchorName}bad");
+            }
+            catch (InvalidWebAuthenticationException e)
+            {
+                Assert.AreEqual(e.Message, "Challenge transaction operation key should contain homeDomain");
+            }
+        }
     }
 }

stellar-dotnet-sdk/WebAuthentication.cs

@@ -16,7 +16,7 @@ public static class WebAuthentication
         /// </summary>
         /// <param name="serverKeypair">Server signing keypair</param>
         /// <param name="clientAccountId">The client account id that needs authentication</param>
-        /// <param name="domainName">The domain name</param>
+        /// <param name="homeDomain">The server home domain</param>
         /// <param name="nonce">48 bytes long cryptographic-quality random data</param>
         /// <param name="now">The datetime from which the transaction is valid</param>
         /// <param name="timeout">The transaction lifespan</param>
@@ -25,15 +25,15 @@ public static class WebAuthentication
         /// <exception cref="ArgumentNullException"></exception>
         /// <exception cref="ArgumentException"></exception>
         public static Transaction BuildChallengeTransaction(KeyPair serverKeypair, string clientAccountId,
-            string domainName, byte[] nonce = null, DateTimeOffset? now = null, TimeSpan? timeout = null,
+            string homeDomain, byte[] nonce = null, DateTimeOffset? now = null, TimeSpan? timeout = null,
             Network network = null)
         {
             if (string.IsNullOrEmpty(clientAccountId)) throw new ArgumentNullException(nameof(clientAccountId));
 
             if (StrKey.DecodeVersionByte(clientAccountId) != StrKey.VersionByte.ACCOUNT_ID)
                 throw new InvalidWebAuthenticationException($"{nameof(clientAccountId)} is not a valid account id");
             var clientAccountKeypair = KeyPair.FromAccountId(clientAccountId);
-            return BuildChallengeTransaction(serverKeypair, clientAccountKeypair, domainName, nonce, now, timeout,
+            return BuildChallengeTransaction(serverKeypair, clientAccountKeypair, homeDomain, nonce, now, timeout,
                 network);
         }
 
@@ -42,7 +42,7 @@ public static class WebAuthentication
         /// </summary>
         /// <param name="serverKeypair">Server signing keypair</param>
         /// <param name="clientAccountId">The client account id that needs authentication</param>
-        /// <param name="domainName">The domain name</param>
+        /// <param name="homeDomain">The server home domain</param>
         /// <param name="nonce">48 bytes long cryptographic-quality random data</param>
         /// <param name="now">The datetime from which the transaction is valid</param>
         /// <param name="timeout">The transaction lifespan</param>
@@ -51,12 +51,12 @@ public static class WebAuthentication
         /// <exception cref="ArgumentNullException"></exception>
         /// <exception cref="ArgumentException"></exception>
         public static Transaction BuildChallengeTransaction(KeyPair serverKeypair, KeyPair clientAccountId,
-            string domainName, byte[] nonce = null, DateTimeOffset? now = null, TimeSpan? timeout = null,
+            string homeDomain, byte[] nonce = null, DateTimeOffset? now = null, TimeSpan? timeout = null,
             Network network = null)
         {
             if (serverKeypair is null) throw new ArgumentNullException(nameof(serverKeypair));
             if (clientAccountId is null) throw new ArgumentNullException(nameof(clientAccountId));
-            if (string.IsNullOrEmpty(domainName)) throw new ArgumentNullException(nameof(domainName));
+            if (string.IsNullOrEmpty(homeDomain)) throw new ArgumentNullException(nameof(homeDomain));
 
             if (nonce is null)
             {
@@ -78,7 +78,7 @@ public static class WebAuthentication
             // Sequence number is incremented by 1 before building the transaction, set it to -1 to have 0
             var serverAccount = new Account(serverKeypair, -1);
 
-            var manageDataKey = $"{domainName} auth";
+            var manageDataKey = $"{homeDomain} auth";
             var manageDataValue = Encoding.UTF8.GetBytes(Convert.ToBase64String(nonce));
 
             var timeBounds = new TimeBounds(validFrom, validFor);
@@ -145,6 +145,9 @@ public static class WebAuthentication
             if (operation.SourceAccount is null)
                 throw new InvalidWebAuthenticationException("Challenge transaction operation must have source account");
 
+            if (operation.Name.Split(' ')[0] != homeDomain)
+                throw new InvalidWebAuthenticationException("Challenge transaction operation key should contain homeDomain");
+
             var subsequentOperations = transaction.Operations;
             foreach (var op in subsequentOperations.Skip(1))
             {