@dupecom/botcha-cloudflare 0.15.0 → 0.18.0

package/dist/tap-verify.js

@@ -4,13 +4,20 @@
  *
  * Integrates with existing BOTCHA verification middleware to provide
  * enterprise-grade cryptographic agent authentication
+ *
+ * FEATURES:
+ * - Ed25519, ECDSA P-256, RSA-PSS signature verification
+ * - Full RFC 9421 compliance (sig1/sig2 labels, expires, nonce, tag)
+ * - Nonce replay protection via KV
+ * - TAP timestamp validation (created, expires, 8-minute max window)
+ * - Backward compatible with existing BOTCHA agents
  */
 import { TAP_VALID_ACTIONS } from './tap-agents.js';
 // ============ HTTP MESSAGE SIGNATURES (RFC 9421) ============
 /**
  * Verify HTTP Message Signature according to RFC 9421
  */
-export async function verifyHTTPMessageSignature(request, publicKey, algorithm) {
+export async function verifyHTTPMessageSignature(request, publicKey, algorithm, nonces) {
     try {
         const { headers } = request;
         const signature = headers['signature'];
@@ -23,19 +30,31 @@ export async function verifyHTTPMessageSignature(request, publicKey, algorithm)
         if (!parsed) {
             return { valid: false, error: 'Invalid signature-input format' };
         }
-        // Check timestamp (prevent replay attacks)
-        if (parsed.created) {
-            const now = Math.floor(Date.now() / 1000);
-            const maxAge = 300; // 5 minutes
-            if (Math.abs(now - parsed.created) > maxAge) {
-                return { valid: false, error: 'Signature timestamp too old or too new' };
+        // Validate timestamps
+        const timestampValidation = validateTimestamps(parsed.created, parsed.expires);
+        if (!timestampValidation.valid) {
+            return { valid: false, error: timestampValidation.error };
+        }
+        // Check nonce replay (if nonce provided and KV available)
+        if (parsed.nonce && nonces) {
+            const nonceCheck = await checkAndStoreNonce(nonces, parsed.nonce);
+            if (nonceCheck.replay) {
+                return { valid: false, error: 'Nonce replay detected' };
             }
         }
         // Build signature base
-        const signatureBase = buildSignatureBase(request.method, request.path, headers, parsed.components, parsed.created, parsed.keyId, parsed.algorithm);
+        const signatureBase = buildSignatureBase(request.method, request.path, headers, parsed);
         // Verify signature
-        const isValid = await verifyCryptoSignature(signatureBase, signature, publicKey, algorithm);
-        return { valid: isValid, error: isValid ? undefined : 'Signature verification failed' };
+        const isValid = await verifyCryptoSignature(signatureBase, signature, publicKey, algorithm, parsed.label);
+        return {
+            valid: isValid,
+            error: isValid ? undefined : 'Signature verification failed',
+            metadata: {
+                nonce: parsed.nonce,
+                tag: parsed.tag,
+                key_id: parsed.keyId
+            }
+        };
     }
     catch (error) {
         return { valid: false, error: `Verification error: ${error instanceof Error ? error.message : 'Unknown error'}` };
@@ -43,25 +62,35 @@ export async function verifyHTTPMessageSignature(request, publicKey, algorithm)
 }
 /**
  * Parse signature-input header according to RFC 9421
+ * Supports BOTH sig1 (BOTCHA) and sig2 (Visa TAP) labels
  */
 function parseSignatureInput(input) {
     try {
-        // Parse: sig1=("@method" "@path" "x-tap-agent-id");keyid="agent-123";alg="ecdsa-p256-sha256";created=1234567890
-        const sigMatch = input.match(/sig1=\(([^)]+)\)/);
+        // Match sig1 OR sig2
+        const sigMatch = input.match(/(sig[12])=\(([^)]+)\)/);
         if (!sigMatch)
             return null;
-        const components = sigMatch[1]
+        const label = sigMatch[1];
+        const components = sigMatch[2]
             .split(' ')
             .map(h => h.replace(/"/g, ''));
-        const keyIdMatch = input.match(/keyid="([^"]+)"/);
+        // Extract all params (keyid/keyId, alg, created, expires, nonce, tag)
+        const keyIdMatch = input.match(/keyid="([^"]+)"/i);
         const algMatch = input.match(/alg="([^"]+)"/);
         const createdMatch = input.match(/created=(\d+)/);
+        const expiresMatch = input.match(/expires=(\d+)/);
+        const nonceMatch = input.match(/nonce="([^"]+)"/);
+        const tagMatch = input.match(/tag="([^"]+)"/);
         if (!keyIdMatch || !algMatch || !createdMatch)
             return null;
         return {
+            label,
             keyId: keyIdMatch[1],
             algorithm: algMatch[1],
             created: parseInt(createdMatch[1]),
+            expires: expiresMatch ? parseInt(expiresMatch[1]) : undefined,
+            nonce: nonceMatch ? nonceMatch[1] : undefined,
+            tag: tagMatch ? tagMatch[1] : undefined,
             components
         };
     }
@@ -70,11 +99,51 @@ function parseSignatureInput(input) {
     }
 }
 /**
- * Build signature base string according to RFC 9421
+ * Validate created/expires timestamps according to TAP spec
  */
-function buildSignatureBase(method, path, headers, components, created, keyId, algorithm) {
+function validateTimestamps(created, expires) {
+    const now = Math.floor(Date.now() / 1000);
+    const clockSkew = 30; // 30 seconds tolerance for clock drift
+    // created must be in the past (with clock skew)
+    if (created > now + clockSkew) {
+        return { valid: false, error: 'Signature timestamp is in the future' };
+    }
+    // If expires is present, validate it
+    if (expires !== undefined) {
+        // expires must be in the future
+        if (expires < now) {
+            return { valid: false, error: 'Signature has expired' };
+        }
+        // expires - created must be <= 480 seconds (8 minutes per TAP spec)
+        const window = expires - created;
+        if (window > 480) {
+            return { valid: false, error: 'Signature validity window exceeds 8 minutes' };
+        }
+    }
+    else {
+        // No expires - fall back to 5-minute tolerance on created (backward compat)
+        const age = now - created;
+        if (age > 300) {
+            return { valid: false, error: 'Signature timestamp too old or too new' };
+        }
+        if (age < -clockSkew) {
+            return { valid: false, error: 'Signature timestamp too old or too new' };
+        }
+    }
+    return { valid: true };
+}
+/**
+ * Build signature base string according to RFC 9421 TAP format
+ *
+ * Format:
+ * "@authority": example.com
+ * "@path": /example-product
+ * "@signature-params": sig2=("@authority" "@path");created=1735689600;keyid="poqk...";alg="Ed25519";expires=1735693200;nonce="e8N7...";tag="agent-browser-auth"
+ */
+function buildSignatureBase(method, path, headers, parsed) {
     const lines = [];
-    for (const component of components) {
+    // Add component lines (values are bare, no quotes)
+    for (const component of parsed.components) {
         if (component === '@method') {
             lines.push(`"@method": ${method.toUpperCase()}`);
         }
@@ -82,7 +151,8 @@ function buildSignatureBase(method, path, headers, components, created, keyId, a
             lines.push(`"@path": ${path}`);
         }
         else if (component === '@authority') {
-            lines.push(`"@authority": ${headers['host'] || ''}`);
+            const authority = headers['host'] || headers[':authority'] || '';
+            lines.push(`"@authority": ${authority}`);
         }
         else {
             const value = headers[component];
@@ -91,23 +161,34 @@ function buildSignatureBase(method, path, headers, components, created, keyId, a
             }
         }
     }
-    // Add signature parameters
-    const componentsList = components.map(c => `"${c}"`).join(' ');
-    lines.push(`"@signature-params": (${componentsList});keyid="${keyId}";alg="${algorithm}";created=${created}`);
+    // Build @signature-params line with ALL fields
+    const componentsList = parsed.components.map(c => `"${c}"`).join(' ');
+    let paramsLine = `"@signature-params": ${parsed.label}=(${componentsList});created=${parsed.created};keyid="${parsed.keyId}";alg="${parsed.algorithm}"`;
+    if (parsed.expires !== undefined) {
+        paramsLine += `;expires=${parsed.expires}`;
+    }
+    if (parsed.nonce) {
+        paramsLine += `;nonce="${parsed.nonce}"`;
+    }
+    if (parsed.tag) {
+        paramsLine += `;tag="${parsed.tag}"`;
+    }
+    lines.push(paramsLine);
     return lines.join('\n');
 }
 /**
  * Verify cryptographic signature using Web Crypto API
  */
-async function verifyCryptoSignature(signatureBase, signature, publicKeyPem, algorithm) {
+async function verifyCryptoSignature(signatureBase, signature, publicKeyPem, algorithm, label) {
     try {
-        // Extract signature bytes
-        const sigMatch = signature.match(/sig1=:([^:]+):/);
+        // Extract signature bytes using the correct label
+        const sigPattern = new RegExp(`${label}=:([^:]+):`);
+        const sigMatch = signature.match(sigPattern);
         if (!sigMatch)
             return false;
         const signatureBytes = Uint8Array.from(atob(sigMatch[1]), c => c.charCodeAt(0));
-        // Import public key
-        const keyData = pemToArrayBuffer(publicKeyPem);
+        // Import public key (handles both PEM and raw Ed25519)
+        const keyData = importPublicKey(publicKeyPem, algorithm);
         const cryptoKey = await crypto.subtle.importKey('spki', keyData, getImportParams(algorithm), false, ['verify']);
         // Verify signature
         const encoder = new TextEncoder();
@@ -119,6 +200,53 @@ async function verifyCryptoSignature(signatureBase, signature, publicKeyPem, alg
         return false;
     }
 }
+/**
+ * Import public key - handles PEM SPKI and raw Ed25519 formats
+ */
+function importPublicKey(key, algorithm) {
+    // Check if it's a raw Ed25519 key (32 bytes base64)
+    if (algorithm.toLowerCase().includes('ed25519') || algorithm === 'Ed25519') {
+        if (isRawEd25519Key(key)) {
+            return rawEd25519ToSPKI(key);
+        }
+    }
+    // Otherwise parse as PEM
+    return pemToArrayBuffer(key);
+}
+/**
+ * Detect raw Ed25519 public key (32 bytes = 43-44 base64 chars)
+ */
+function isRawEd25519Key(key) {
+    const stripped = key.replace(/[\s\n\r-]/g, '').replace(/BEGIN.*?END[^-]*-*/g, '');
+    try {
+        const decoded = atob(stripped.replace(/-/g, '+').replace(/_/g, '/'));
+        return decoded.length === 32;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Convert raw 32-byte Ed25519 key to SPKI format
+ * SPKI format: ASN.1 header + 32-byte public key
+ */
+function rawEd25519ToSPKI(rawKey) {
+    const rawBytes = Uint8Array.from(atob(rawKey), c => c.charCodeAt(0));
+    if (rawBytes.length !== 32) {
+        throw new Error('Invalid Ed25519 key length');
+    }
+    // SPKI header for Ed25519 (12 bytes)
+    const spkiHeader = new Uint8Array([
+        0x30, 0x2a, // SEQUENCE (42 bytes)
+        0x30, 0x05, // SEQUENCE (5 bytes) - algorithm
+        0x06, 0x03, 0x2b, 0x65, 0x70, // OID 1.3.101.112 (Ed25519)
+        0x03, 0x21, 0x00 // BIT STRING (33 bytes, 0 unused bits)
+    ]);
+    const spki = new Uint8Array(spkiHeader.length + rawBytes.length);
+    spki.set(spkiHeader, 0);
+    spki.set(rawBytes, spkiHeader.length);
+    return spki.buffer;
+}
 /**
  * Convert PEM public key to ArrayBuffer
  */
@@ -138,6 +266,10 @@ function pemToArrayBuffer(pem) {
  * Get Web Crypto API algorithm parameters for key import
  */
 function getImportParams(algorithm) {
+    const alg = algorithm.toLowerCase();
+    if (alg.includes('ed25519')) {
+        return { name: 'Ed25519' }; // No hash or curve needed
+    }
     switch (algorithm) {
         case 'ecdsa-p256-sha256':
             return { name: 'ECDSA', namedCurve: 'P-256' };
@@ -151,6 +283,10 @@ function getImportParams(algorithm) {
  * Get Web Crypto API algorithm parameters for signature verification
  */
 function getVerifyParams(algorithm) {
+    const alg = algorithm.toLowerCase();
+    if (alg.includes('ed25519')) {
+        return { name: 'Ed25519' }; // No hash needed
+    }
     switch (algorithm) {
         case 'ecdsa-p256-sha256':
             return { name: 'ECDSA', hash: 'SHA-256' };
@@ -160,6 +296,36 @@ function getVerifyParams(algorithm) {
             throw new Error(`Unsupported algorithm: ${algorithm}`);
     }
 }
+// ============ NONCE REPLAY PROTECTION ============
+/**
+ * Check if nonce was already used and store it if new
+ * Returns { replay: true } if nonce was seen before
+ */
+export async function checkAndStoreNonce(nonces, nonce) {
+    if (!nonces || !nonce)
+        return { replay: false };
+    try {
+        // Hash nonce for fixed-length KV key
+        const encoder = new TextEncoder();
+        const hashBuffer = await crypto.subtle.digest('SHA-256', encoder.encode(nonce));
+        const hashHex = Array.from(new Uint8Array(hashBuffer))
+            .map(b => b.toString(16).padStart(2, '0'))
+            .join('');
+        const key = `nonce:${hashHex}`;
+        // Check if already seen
+        const existing = await nonces.get(key);
+        if (existing)
+            return { replay: true };
+        // Store with 8-minute TTL (480 seconds per TAP spec)
+        await nonces.put(key, '1', { expirationTtl: 480 });
+        return { replay: false };
+    }
+    catch (error) {
+        console.error('Nonce check error:', error);
+        // Fail-open on KV errors (don't block legitimate requests)
+        return { replay: false };
+    }
+}
 // ============ TAP INTENT VALIDATION ============
 /**
  * Parse and validate TAP intent from headers
@@ -190,6 +356,7 @@ export function parseTAPIntent(intentString) {
 // ============ TAP HEADER EXTRACTION ============
 /**
  * Extract TAP-specific headers from request
+ * Supports BOTH standard TAP (sig2 + tag) and BOTCHA extended (x-tap-* headers)
  */
 export function extractTAPHeaders(headers) {
     const tapHeaders = {
@@ -200,11 +367,18 @@ export function extractTAPHeaders(headers) {
         'signature': headers['signature'],
         'signature-input': headers['signature-input']
     };
-    const hasTAPHeaders = Boolean(tapHeaders['x-tap-agent-id'] &&
+    // Check for standard TAP (sig2 + agent tag)
+    const signatureInput = headers['signature-input'] || '';
+    const hasAgentTag = /tag="agent-(browser|payer)-auth"/.test(signatureInput);
+    const hasSig2 = /sig2=\(/.test(signatureInput);
+    const isTAPStandard = hasAgentTag && hasSig2;
+    // BOTCHA extended: requires x-tap-agent-id + x-tap-intent + signature
+    const hasBOTCHAExtended = Boolean(tapHeaders['x-tap-agent-id'] &&
         tapHeaders['x-tap-intent'] &&
         tapHeaders['signature'] &&
         tapHeaders['signature-input']);
-    return { hasTAPHeaders, tapHeaders };
+    const hasTAPHeaders = isTAPStandard || hasBOTCHAExtended;
+    return { hasTAPHeaders, tapHeaders, isTAPStandard };
 }
 // ============ VERIFICATION MODES ============
 /**
@@ -226,6 +400,14 @@ export function getVerificationMode(headers) {
     }
     return { mode, hasTAPHeaders, hasChallenge };
 }
+// ============ TAG MAPPING ============
+/**
+ * Map TAP action to appropriate tag
+ */
+export function actionToTag(action) {
+    const payerActions = ['purchase'];
+    return payerActions.includes(action) ? 'agent-payer-auth' : 'agent-browser-auth';
+}
 // ============ CHALLENGE RESPONSE BUILDERS ============
 /**
  * Build appropriate challenge response for TAP verification failure
@@ -262,7 +444,8 @@ export function buildTAPChallengeResponse(verificationResult, challengeData) {
             'signature',
             'signature-input'
         ],
-        supported_algorithms: ['ecdsa-p256-sha256', 'rsa-pss-sha256']
+        supported_algorithms: ['ed25519', 'Ed25519', 'ecdsa-p256-sha256', 'rsa-pss-sha256'],
+        jwks_url: 'https://botcha.ai/.well-known/jwks'
     };
     return response;
 }
@@ -271,5 +454,7 @@ export default {
     parseTAPIntent,
     extractTAPHeaders,
     getVerificationMode,
-    buildTAPChallengeResponse
+    buildTAPChallengeResponse,
+    checkAndStoreNonce,
+    actionToTag
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dupecom/botcha-cloudflare",
-  "version": "0.15.0",
+  "version": "0.18.0",
   "description": "BOTCHA for Cloudflare Workers - Prove you're a bot. Humans need not apply.",
   "type": "module",
   "main": "dist/index.js",