@dwk/http-signatures 0.1.0-beta.0

package/LICENSE

@@ -0,0 +1,15 @@
+ISC License
+
+Copyright (c) 2026 David W. Keith
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

package/README.md

@@ -0,0 +1,141 @@
+# `@dwk/http-signatures`
+
+> HTTP Message Signatures (RFC 9421) sign/verify, with the legacy
+> `draft-cavage-http-signatures` profile for fediverse interop. Cross-standard
+> reusable.
+
+Part of the [`@dwk` IndieWeb + Solid cohort](../../README.md). See the
+[package specification](../../spec/packages/http-signatures.md) for the full
+requirements.
+
+This package is **cross-standard reusable**: it takes plain-data inputs only
+(method, URL, headers) plus a resolved `CryptoKey`, has no Workers-runtime
+dependency (only Web Crypto), and unit-tests in isolation (Node, no `workerd`).
+It is **protocol-agnostic** — it knows nothing about ActivityPub, IndieWeb, or
+Solid. Key resolution (fetching an actor's public key, caching it) is the
+caller's responsibility, supplied as a `KeyResolver`.
+
+It mirrors the [`@dwk/dpop`](../dpop/README.md) hardening posture: only
+asymmetric algorithms from an explicit allow-list are accepted — never `none`
+or HMAC — and a resolved key is validated against the claimed algorithm (RSA
+modulus floor of 2048 bits, EC curve) before any signature is checked.
+
+## API
+
+### Signing (RFC 9421)
+
+```ts
+import { signMessage, createContentDigest } from "@dwk/http-signatures";
+
+const body = JSON.stringify(activity);
+
+// Cover the body by digesting it and listing the digest among the components.
+const headers = {
+  host: "remote.example",
+  date: new Date().toUTCString(),
+  "content-type": "application/activity+json",
+  "content-digest": await createContentDigest(body),
+};
+
+const sig = await signMessage(
+  { method: "POST", url: "https://remote.example/inbox", headers },
+  {
+    key: privateKey, // a private CryptoKey you imported for `alg`
+    keyId: "https://me.example/actor#main-key",
+    alg: "ed25519",
+    components: ["@method", "@target-uri", "@authority", "date", "content-digest"],
+    // created defaults to now; expires, nonce, tag, label are optional
+  },
+);
+
+// Merge sig (Signature-Input + Signature) into the outbound request headers.
+await fetch("https://remote.example/inbox", {
+  method: "POST",
+  headers: { ...headers, ...sig },
+  body,
+});
+```
+
+### Verifying
+
+```ts
+import { verifyMessage } from "@dwk/http-signatures";
+
+const result = await verifyMessage(
+  { method: request.method, url: request.url, headers },
+  {
+    // Resolve the public key for the claimed keyid (fetch the actor, cache it).
+    resolveKey: async ({ keyId, alg }) => fetchActorKey(keyId, alg),
+    requiredComponents: ["@method", "@target-uri", "date", "content-digest"],
+    body, // optional: also recompute & check any covered content-digest/digest
+  },
+);
+
+if (!result.valid) {
+  // result.reason is a stable code, e.g. "signature_invalid", "key_unresolved"
+  return new Response("bad signature", { status: 401 });
+}
+// result.keyId is the verified principal; result.coveredComponents the audit trail.
+```
+
+The profile is auto-detected from the headers (a `Signature-Input` header means
+RFC 9421, otherwise the legacy single `Signature` header is parsed as
+`draft-cavage`); pass `profile` to force one.
+
+### `draft-cavage` (fediverse)
+
+```ts
+import { signMessage, createDigest } from "@dwk/http-signatures";
+
+const headers = {
+  host: "remote.example",
+  date: new Date().toUTCString(),
+  digest: await createDigest(body), // legacy "SHA-256=<base64>" header
+};
+
+const sig = await signMessage(
+  { method: "POST", url: "https://remote.example/inbox", headers },
+  {
+    profile: "cavage",
+    key: privateKey,
+    keyId: "https://me.example/actor#main-key",
+    alg: "rsa-v1_5-sha256", // serialized as algorithm="rsa-sha256"
+    components: ["(request-target)", "host", "date", "digest"],
+  },
+);
+```
+
+## What is verified
+
+- **Profile** — `Signature-Input` / `Signature` (RFC 9421) or the single
+  `Signature` header (`draft-cavage`), auto-detected unless forced.
+- **Algorithm** — from the allow-list (`rsa-pss-sha512`, `rsa-v1_5-sha256`,
+  `ecdsa-p256-sha256`, `ecdsa-p384-sha384`, `ed25519`); never `none` or HMAC.
+- **Key** — the resolved `CryptoKey`'s algorithm and EC curve must match the
+  claimed algorithm, and RSA moduli must be at least 2048 bits.
+- **Signature** — over the reconstructed signature base / signing string.
+- **Window** — `created` not in the future and `expires` not in the past,
+  within `toleranceSeconds` (default 300).
+- **Coverage** — every component named in the signature is reconstructed from
+  the message; `requiredComponents` lets the caller insist specific components
+  were covered.
+- **Body integrity** (optional) — when a `body` is supplied and a
+  `content-digest` (RFC 9530) or legacy `Digest` component is covered, the
+  header is recomputed over the body and must match.
+
+`verifyMessage` never throws — failures return `{ valid: false, reason }` with a
+stable `SignatureFailureReason` code. On success it returns
+`{ valid: true, profile, keyId, coveredComponents, created?, expires? }`.
+
+## Out of scope
+
+- **Key resolution and caching** — the caller supplies a `KeyResolver` and owns
+  fetching/importing the public key (PEM/JWK → `CryptoKey`) and any caching.
+- **Replay/nonce storage** — the caller owns nonce bookkeeping.
+- **Component parameters** — `;sf`, `;key`, `;bs`, `@query-param`, and response
+  components (`@status`) are not derived; a signature covering them is reported
+  as `components_malformed` rather than guessed at.
+
+## License
+
+[ISC](../../LICENSE)

package/dist/algorithms.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Algorithm allow-list and the Web Crypto primitives that back it.
+ *
+ * Mirrors the `@dwk/dpop` hardening posture: asymmetric algorithms only, an
+ * explicit allow-list (no `none`, no HMAC), and the resolved key is validated
+ * against the claimed algorithm — RSA moduli below 2048 bits and curve
+ * mismatches are rejected before any signature is checked.
+ */
+import type { SignatureAlgorithm } from "./types";
+/** Whether `alg` is in the allow-list. */
+export declare function isSupportedAlgorithm(alg: string): alg is SignatureAlgorithm;
+/** The reasons {@link validateKey} can reject a key, or `null` when it is sound. */
+export type KeyRejection = "key_alg_mismatch" | "key_too_small";
+/**
+ * Validate that a resolved {@link CryptoKey} matches the claimed algorithm:
+ * the key's algorithm name and EC curve must line up, and RSA moduli must meet
+ * the {@link MIN_RSA_KEY_BITS} floor. Returns `null` when the key is acceptable.
+ */
+export declare function validateKey(key: CryptoKey, alg: SignatureAlgorithm): KeyRejection | null;
+/**
+ * Derive the signature algorithm implied by a resolved key's type. Used when a
+ * signature omits its algorithm (RFC 9421 `alg` is OPTIONAL; the legacy
+ * `hs2019` token is intentionally key-derived). Returns `null` for a key type
+ * outside the allow-list.
+ */
+export declare function deriveAlgFromKey(key: CryptoKey): SignatureAlgorithm | null;
+/** Sign `data` with `key` under `alg`. */
+export declare function signBytes(key: CryptoKey, alg: SignatureAlgorithm, data: Uint8Array): Promise<ArrayBuffer>;
+/** Verify `signature` over `data` with `key` under `alg`. Never throws. */
+export declare function verifyBytes(key: CryptoKey, alg: SignatureAlgorithm, signature: Uint8Array, data: Uint8Array): Promise<boolean>;
+//# sourceMappingURL=algorithms.d.ts.map

package/dist/algorithms.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"algorithms.d.ts","sourceRoot":"","sources":["../src/algorithms.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAiElD,0CAA0C;AAC1C,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,IAAI,kBAAkB,CAE3E;AAED,oFAAoF;AACpF,MAAM,MAAM,YAAY,GAAG,kBAAkB,GAAG,eAAe,CAAC;AAUhE;;;;GAIG;AACH,wBAAgB,WAAW,CACzB,GAAG,EAAE,SAAS,EACd,GAAG,EAAE,kBAAkB,GACtB,YAAY,GAAG,IAAI,CAiBrB;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,SAAS,GAAG,kBAAkB,GAAG,IAAI,CAgB1E;AAED,0CAA0C;AAC1C,wBAAgB,SAAS,CACvB,GAAG,EAAE,SAAS,EACd,GAAG,EAAE,kBAAkB,EACvB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,WAAW,CAAC,CAEtB;AAED,2EAA2E;AAC3E,wBAAsB,WAAW,CAC/B,GAAG,EAAE,SAAS,EACd,GAAG,EAAE,kBAAkB,EACvB,SAAS,EAAE,UAAU,EACrB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,OAAO,CAAC,CAWlB"}

package/dist/algorithms.js

@@ -0,0 +1,106 @@
+/**
+ * Algorithm allow-list and the Web Crypto primitives that back it.
+ *
+ * Mirrors the `@dwk/dpop` hardening posture: asymmetric algorithms only, an
+ * explicit allow-list (no `none`, no HMAC), and the resolved key is validated
+ * against the claimed algorithm — RSA moduli below 2048 bits and curve
+ * mismatches are rejected before any signature is checked.
+ */
+const ALGS = {
+    "rsa-pss-sha512": {
+        keyName: "RSA-PSS",
+        rsa: true,
+        importParams: { name: "RSA-PSS", hash: "SHA-512" },
+        signParams: { name: "RSA-PSS", saltLength: 64 },
+    },
+    "rsa-v1_5-sha256": {
+        keyName: "RSASSA-PKCS1-v1_5",
+        rsa: true,
+        importParams: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+        signParams: { name: "RSASSA-PKCS1-v1_5" },
+    },
+    "ecdsa-p256-sha256": {
+        keyName: "ECDSA",
+        expectedCurve: "P-256",
+        rsa: false,
+        importParams: { name: "ECDSA", namedCurve: "P-256" },
+        signParams: { name: "ECDSA", hash: "SHA-256" },
+    },
+    "ecdsa-p384-sha384": {
+        keyName: "ECDSA",
+        expectedCurve: "P-384",
+        rsa: false,
+        importParams: { name: "ECDSA", namedCurve: "P-384" },
+        signParams: { name: "ECDSA", hash: "SHA-384" },
+    },
+    ed25519: {
+        keyName: "Ed25519",
+        rsa: false,
+        importParams: { name: "Ed25519" },
+        signParams: { name: "Ed25519" },
+    },
+};
+/** Minimum accepted RSA modulus size, in bits. */
+const MIN_RSA_KEY_BITS = 2048;
+/** Whether `alg` is in the allow-list. */
+export function isSupportedAlgorithm(alg) {
+    return Object.prototype.hasOwnProperty.call(ALGS, alg);
+}
+/**
+ * Validate that a resolved {@link CryptoKey} matches the claimed algorithm:
+ * the key's algorithm name and EC curve must line up, and RSA moduli must meet
+ * the {@link MIN_RSA_KEY_BITS} floor. Returns `null` when the key is acceptable.
+ */
+export function validateKey(key, alg) {
+    const spec = ALGS[alg];
+    const keyAlg = key.algorithm;
+    if (keyAlg.name !== spec.keyName) {
+        return "key_alg_mismatch";
+    }
+    if (spec.expectedCurve && keyAlg.namedCurve !== spec.expectedCurve) {
+        return "key_alg_mismatch";
+    }
+    if (spec.rsa &&
+        typeof keyAlg.modulusLength === "number" &&
+        keyAlg.modulusLength < MIN_RSA_KEY_BITS) {
+        return "key_too_small";
+    }
+    return null;
+}
+/**
+ * Derive the signature algorithm implied by a resolved key's type. Used when a
+ * signature omits its algorithm (RFC 9421 `alg` is OPTIONAL; the legacy
+ * `hs2019` token is intentionally key-derived). Returns `null` for a key type
+ * outside the allow-list.
+ */
+export function deriveAlgFromKey(key) {
+    const a = key.algorithm;
+    switch (a.name) {
+        case "RSA-PSS":
+            return "rsa-pss-sha512";
+        case "RSASSA-PKCS1-v1_5":
+            return "rsa-v1_5-sha256";
+        case "ECDSA":
+            return a.namedCurve === "P-384"
+                ? "ecdsa-p384-sha384"
+                : "ecdsa-p256-sha256";
+        case "Ed25519":
+            return "ed25519";
+        default:
+            return null;
+    }
+}
+/** Sign `data` with `key` under `alg`. */
+export function signBytes(key, alg, data) {
+    return crypto.subtle.sign(ALGS[alg].signParams, key, data);
+}
+/** Verify `signature` over `data` with `key` under `alg`. Never throws. */
+export async function verifyBytes(key, alg, signature, data) {
+    try {
+        return await crypto.subtle.verify(ALGS[alg].signParams, key, signature, data);
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=algorithms.js.map

package/dist/algorithms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"algorithms.js","sourceRoot":"","sources":["../src/algorithms.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA6BH,MAAM,IAAI,GAAwC;IAChD,gBAAgB,EAAE;QAChB,OAAO,EAAE,SAAS;QAClB,GAAG,EAAE,IAAI;QACT,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;QAClD,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,EAAE;KAChD;IACD,iBAAiB,EAAE;QACjB,OAAO,EAAE,mBAAmB;QAC5B,GAAG,EAAE,IAAI;QACT,YAAY,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE;QAC5D,UAAU,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE;KAC1C;IACD,mBAAmB,EAAE;QACnB,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,OAAO;QACtB,GAAG,EAAE,KAAK;QACV,YAAY,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE;QACpD,UAAU,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;KAC/C;IACD,mBAAmB,EAAE;QACnB,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,OAAO;QACtB,GAAG,EAAE,KAAK;QACV,YAAY,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE;QACpD,UAAU,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;KAC/C;IACD,OAAO,EAAE;QACP,OAAO,EAAE,SAAS;QAClB,GAAG,EAAE,KAAK;QACV,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;QACjC,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;KAChC;CACF,CAAC;AAEF,kDAAkD;AAClD,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAE9B,0CAA0C;AAC1C,MAAM,UAAU,oBAAoB,CAAC,GAAW;IAC9C,OAAO,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AACzD,CAAC;AAaD;;;;GAIG;AACH,MAAM,UAAU,WAAW,CACzB,GAAc,EACd,GAAuB;IAEvB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACvB,MAAM,MAAM,GAAG,GAAG,CAAC,SAAyB,CAAC;IAC7C,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IACD,IAAI,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,UAAU,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;QACnE,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IACD,IACE,IAAI,CAAC,GAAG;QACR,OAAO,MAAM,CAAC,aAAa,KAAK,QAAQ;QACxC,MAAM,CAAC,aAAa,GAAG,gBAAgB,EACvC,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAc;IAC7C,MAAM,CAAC,GAAG,GAAG,CAAC,SAAyB,CAAC;IACxC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;QACf,KAAK,SAAS;YACZ,OAAO,gBAAgB,CAAC;QAC1B,KAAK,mBAAmB;YACtB,OAAO,iBAAiB,CAAC;QAC3B,KAAK,OAAO;YACV,OAAO,CAAC,CAAC,UAAU,KAAK,OAAO;gBAC7B,CAAC,CAAC,mBAAmB;gBACrB,CAAC,CAAC,mBAAmB,CAAC;QAC1B,KAAK,SAAS;YACZ,OAAO,SAAS,CAAC;QACnB;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,SAAS,CACvB,GAAc,EACd,GAAuB,EACvB,IAAgB;IAEhB,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;AAC7D,CAAC;AAED,2EAA2E;AAC3E,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,GAAc,EACd,GAAuB,EACvB,SAAqB,EACrB,IAAgB;IAEhB,IAAI,CAAC;QACH,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAC/B,IAAI,CAAC,GAAG,CAAC,CAAC,UAAU,EACpB,GAAG,EACH,SAAS,EACT,IAAI,CACL,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/base64.d.ts

@@ -0,0 +1,8 @@
+/** Base64 (standard, padded) <-> bytes, plus base64url helpers. */
+/** Decode standard padded base64 to bytes. Throws on invalid input. */
+export declare function base64ToBytes(b64: string): Uint8Array;
+/** Encode bytes as standard padded base64. */
+export declare function bytesToBase64(bytes: Uint8Array): string;
+/** Encode a UTF-8 string to bytes. */
+export declare function utf8(input: string): Uint8Array;
+//# sourceMappingURL=base64.d.ts.map

package/dist/base64.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64.d.ts","sourceRoot":"","sources":["../src/base64.ts"],"names":[],"mappings":"AAAA,mEAAmE;AAEnE,uEAAuE;AACvE,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAOrD;AAED,8CAA8C;AAC9C,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAMvD;AAED,sCAAsC;AACtC,wBAAgB,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAE9C"}

package/dist/base64.js

@@ -0,0 +1,23 @@
+/** Base64 (standard, padded) <-> bytes, plus base64url helpers. */
+/** Decode standard padded base64 to bytes. Throws on invalid input. */
+export function base64ToBytes(b64) {
+    const binary = atob(b64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+/** Encode bytes as standard padded base64. */
+export function bytesToBase64(bytes) {
+    let binary = "";
+    for (const byte of bytes) {
+        binary += String.fromCharCode(byte);
+    }
+    return btoa(binary);
+}
+/** Encode a UTF-8 string to bytes. */
+export function utf8(input) {
+    return new TextEncoder().encode(input);
+}
+//# sourceMappingURL=base64.js.map

package/dist/base64.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64.js","sourceRoot":"","sources":["../src/base64.ts"],"names":[],"mappings":"AAAA,mEAAmE;AAEnE,uEAAuE;AACvE,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8CAA8C;AAC9C,MAAM,UAAU,aAAa,CAAC,KAAiB;IAC7C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;AACtB,CAAC;AAED,sCAAsC;AACtC,MAAM,UAAU,IAAI,CAAC,KAAa;IAChC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC"}

package/dist/cavage.d.ts

@@ -0,0 +1,38 @@
+/**
+ * The legacy `draft-cavage-http-signatures` "Signature" profile that much of
+ * the fediverse still emits. A single `Signature` header carries the `keyId`,
+ * `algorithm`, the space-separated `headers` list, and the base64 `signature`;
+ * the signing string is the `headers` components joined by newlines, where
+ * `(request-target)`, `(created)`, and `(expires)` are pseudo-headers.
+ */
+import type { KeyResolver } from "./rfc9421";
+import type { HttpMessage, SignatureAlgorithm, VerifyResult } from "./types";
+/** Resolved signing inputs for the `draft-cavage` profile. */
+export interface CavageSignParams {
+    key: CryptoKey;
+    keyId: string;
+    alg: SignatureAlgorithm;
+    /** Cavage-style component names, e.g. `["(request-target)", "host", "date", "digest"]`. */
+    components: string[];
+    created?: number;
+    expires?: number;
+}
+/**
+ * Sign `message` under the `draft-cavage` profile. Returns the single
+ * `Signature` header to merge into the request. Throws if a covered component
+ * is absent — a signer bug.
+ */
+export declare function signCavage(message: HttpMessage, params: CavageSignParams): Promise<Record<string, string>>;
+/** Parameters for verifying a `draft-cavage` signature. */
+export interface CavageVerifyParams {
+    resolveKey: KeyResolver;
+    requiredComponents?: string[];
+    now?: number;
+    toleranceSeconds?: number;
+}
+/**
+ * Verify a `draft-cavage` signature on `message`. Never throws — failures are
+ * returned as `{ valid: false, reason }`.
+ */
+export declare function verifyCavage(message: HttpMessage, params: CavageVerifyParams): Promise<VerifyResult>;
+//# sourceMappingURL=cavage.d.ts.map

package/dist/cavage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cavage.d.ts","sourceRoot":"","sources":["../src/cavage.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAWH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAElB,YAAY,EACb,MAAM,SAAS,CAAC;AAsDjB,8DAA8D;AAC9D,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,SAAS,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,kBAAkB,CAAC;IACxB,2FAA2F;IAC3F,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;GAIG;AACH,wBAAsB,UAAU,CAC9B,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAuBjC;AAsCD,2DAA2D;AAC3D,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,WAAW,CAAC;IACxB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAsBD;;;GAGG;AACH,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,kBAAkB,GACzB,OAAO,CAAC,YAAY,CAAC,CAmGvB"}

package/dist/cavage.js

@@ -0,0 +1,249 @@
+/**
+ * The legacy `draft-cavage-http-signatures` "Signature" profile that much of
+ * the fediverse still emits. A single `Signature` header carries the `keyId`,
+ * `algorithm`, the space-separated `headers` list, and the base64 `signature`;
+ * the signing string is the `headers` components joined by newlines, where
+ * `(request-target)`, `(created)`, and `(expires)` are pseudo-headers.
+ */
+import { deriveAlgFromKey, isSupportedAlgorithm, signBytes, validateKey, verifyBytes, } from "./algorithms";
+import { base64ToBytes, bytesToBase64, utf8 } from "./base64";
+import { derivationContext } from "./components";
+/** Map our algorithm identifiers to a `draft-cavage` `algorithm` token. */
+const CAVAGE_TOKEN = {
+    "rsa-v1_5-sha256": "rsa-sha256",
+    "rsa-pss-sha512": "hs2019",
+    "ecdsa-p256-sha256": "ecdsa-sha256",
+    "ecdsa-p384-sha384": "ecdsa-sha384",
+    ed25519: "ed25519",
+};
+/** Map a `draft-cavage` `algorithm` token to our identifier, or `null` for `hs2019`. */
+function tokenToAlg(token) {
+    switch (token.toLowerCase()) {
+        case "rsa-sha256":
+            return "rsa-v1_5-sha256";
+        case "ecdsa-sha256":
+            return "ecdsa-p256-sha256";
+        case "ecdsa-sha384":
+            return "ecdsa-p384-sha384";
+        case "ed25519":
+            return "ed25519";
+        case "hs2019":
+            return "derive";
+        default:
+            return null;
+    }
+}
+/** Build the `draft-cavage` signing string, or report the first missing component. */
+function buildSigningString(ctx, components, times) {
+    const lines = [];
+    for (const raw of components) {
+        const name = raw.toLowerCase();
+        let value;
+        if (name === "(request-target)") {
+            value = `${ctx.message.method.toLowerCase()} ${ctx.url.pathname}${ctx.url.search}`;
+        }
+        else if (name === "(created)") {
+            value = times.created === undefined ? null : String(times.created);
+        }
+        else if (name === "(expires)") {
+            value = times.expires === undefined ? null : String(times.expires);
+        }
+        else {
+            value = ctx.headers.get(name) ?? null;
+        }
+        if (value === null)
+            return { missing: name };
+        lines.push(`${name}: ${value}`);
+    }
+    return { string: lines.join("\n") };
+}
+/**
+ * Sign `message` under the `draft-cavage` profile. Returns the single
+ * `Signature` header to merge into the request. Throws if a covered component
+ * is absent — a signer bug.
+ */
+export async function signCavage(message, params) {
+    const ctx = derivationContext(message);
+    if (ctx === null)
+        throw new Error("http-signatures: message.url is not a valid URL");
+    const built = buildSigningString(ctx, params.components, {
+        created: params.created,
+        expires: params.expires,
+    });
+    if ("missing" in built) {
+        throw new Error(`http-signatures: covered component "${built.missing}" is missing from the message`);
+    }
+    const signature = await signBytes(params.key, params.alg, utf8(built.string));
+    const parts = [
+        `keyId="${params.keyId}"`,
+        `algorithm="${CAVAGE_TOKEN[params.alg]}"`,
+        `headers="${params.components.map((c) => c.toLowerCase()).join(" ")}"`,
+        `signature="${bytesToBase64(new Uint8Array(signature))}"`,
+    ];
+    if (params.created !== undefined)
+        parts.push(`created=${params.created}`);
+    if (params.expires !== undefined)
+        parts.push(`expires=${params.expires}`);
+    return { Signature: parts.join(",") };
+}
+/** Parse a `draft-cavage` `Signature` header into its named members. */
+function parseCavageHeader(value) {
+    const out = new Map();
+    let i = 0;
+    while (i < value.length) {
+        while (i < value.length &&
+            (value[i] === " " || value[i] === "," || value[i] === "\t"))
+            i++;
+        const eq = value.indexOf("=", i);
+        if (eq < 0)
+            break;
+        const key = value.slice(i, eq).trim();
+        i = eq + 1;
+        let raw;
+        if (value[i] === '"') {
+            i++;
+            let s = "";
+            while (i < value.length && value[i] !== '"') {
+                if (value[i] === "\\" && i + 1 < value.length)
+                    i++;
+                s += value[i];
+                i++;
+            }
+            i++; // closing quote
+            raw = s;
+        }
+        else {
+            let j = i;
+            while (j < value.length && value[j] !== ",")
+                j++;
+            raw = value.slice(i, j).trim();
+            i = j;
+        }
+        if (key)
+            out.set(key.toLowerCase(), raw);
+    }
+    return out;
+}
+const DEFAULT_TOLERANCE_SECONDS = 300;
+function getHeader(message, name) {
+    const lower = name.toLowerCase();
+    for (const [k, v] of Object.entries(message.headers)) {
+        if (k.toLowerCase() === lower)
+            return Array.isArray(v) ? v.join(", ") : v;
+    }
+    return null;
+}
+function fail(reason) {
+    return { valid: false, profile: "cavage", reason };
+}
+function parseIntegerParam(raw) {
+    if (raw === undefined)
+        return undefined;
+    const n = Number(raw);
+    return Number.isInteger(n) ? n : null;
+}
+/**
+ * Verify a `draft-cavage` signature on `message`. Never throws — failures are
+ * returned as `{ valid: false, reason }`.
+ */
+export async function verifyCavage(message, params) {
+    const header = getHeader(message, "signature");
+    if (header === null)
+        return fail("signature_missing");
+    const fields = parseCavageHeader(header);
+    const sigB64 = fields.get("signature");
+    if (sigB64 === undefined)
+        return fail("signature_malformed");
+    let signature;
+    try {
+        signature = base64ToBytes(sigB64);
+    }
+    catch {
+        return fail("signature_malformed");
+    }
+    const keyId = fields.get("keyid") ?? null;
+    if (keyId === null)
+        return fail("keyid_missing");
+    const token = fields.get("algorithm");
+    const createdRaw = parseIntegerParam(fields.get("created"));
+    if (createdRaw === null)
+        return fail("created_invalid");
+    const expiresRaw = parseIntegerParam(fields.get("expires"));
+    if (expiresRaw === null)
+        return fail("expires_invalid");
+    // Default covered-component list when no explicit `headers` is sent.
+    // draft-cavage-12 §2.1.6 specifies the default is `(created)` unconditionally.
+    // We deliberately diverge: when `created` is absent we fall back to `date`,
+    // matching the older "Signing HTTP Messages" rule that essentially every
+    // fediverse peer implements. In practice senders always send an explicit
+    // `headers`, so this branch is rarely reached; the divergence only affects
+    // the (non-conforming) case of a signature with neither `headers` nor
+    // `created`, where interop with real-world peers beats spec-literalism.
+    const headersList = fields.get("headers");
+    const components = headersList
+        ? headersList.split(/\s+/).filter(Boolean)
+        : createdRaw !== undefined
+            ? ["(created)"]
+            : ["date"];
+    // Resolve the algorithm. `hs2019` (and a missing token) defer to the key type.
+    let alg = null;
+    if (token !== undefined) {
+        const mapped = tokenToAlg(token);
+        if (mapped === null)
+            return fail("alg_unsupported");
+        if (mapped !== "derive")
+            alg = mapped;
+    }
+    const key = await params.resolveKey({ keyId, alg });
+    if (key === null)
+        return fail("key_unresolved");
+    if (alg === null) {
+        alg = deriveAlgFromKey(key);
+        if (alg === null || !isSupportedAlgorithm(alg))
+            return fail("alg_unsupported");
+    }
+    const rejection = validateKey(key, alg);
+    if (rejection !== null)
+        return fail(rejection);
+    // created / expires window.
+    const now = params.now ?? Math.floor(Date.now() / 1000);
+    const tolerance = params.toleranceSeconds ?? DEFAULT_TOLERANCE_SECONDS;
+    if (createdRaw !== undefined && createdRaw > now + tolerance)
+        return fail("signature_future");
+    if (expiresRaw !== undefined && now > expiresRaw + tolerance)
+        return fail("signature_expired");
+    // RFC 9421 §2.3 / draft-cavage: `expires` MUST NOT precede `created`.
+    if (createdRaw !== undefined &&
+        expiresRaw !== undefined &&
+        expiresRaw < createdRaw)
+        return fail("expires_invalid");
+    // Required-component policy.
+    if (params.requiredComponents) {
+        const covered = new Set(components.map((c) => c.toLowerCase()));
+        for (const required of params.requiredComponents) {
+            if (!covered.has(required.toLowerCase()))
+                return fail("required_component_missing");
+        }
+    }
+    const ctx = derivationContext(message);
+    if (ctx === null)
+        return fail("covered_component_missing");
+    const built = buildSigningString(ctx, components, {
+        created: createdRaw,
+        expires: expiresRaw,
+    });
+    if ("missing" in built)
+        return fail("covered_component_missing");
+    const ok = await verifyBytes(key, alg, signature, utf8(built.string));
+    if (!ok)
+        return fail("signature_invalid");
+    return {
+        valid: true,
+        profile: "cavage",
+        keyId,
+        coveredComponents: components,
+        created: createdRaw,
+        expires: expiresRaw,
+    };
+}
+//# sourceMappingURL=cavage.js.map

package/dist/cavage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cavage.js","sourceRoot":"","sources":["../src/cavage.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,SAAS,EACT,WAAW,EACX,WAAW,GACZ,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAA0B,MAAM,cAAc,CAAC;AASzE,2EAA2E;AAC3E,MAAM,YAAY,GAAuC;IACvD,iBAAiB,EAAE,YAAY;IAC/B,gBAAgB,EAAE,QAAQ;IAC1B,mBAAmB,EAAE,cAAc;IACnC,mBAAmB,EAAE,cAAc;IACnC,OAAO,EAAE,SAAS;CACnB,CAAC;AAEF,wFAAwF;AACxF,SAAS,UAAU,CAAC,KAAa;IAC/B,QAAQ,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QAC5B,KAAK,YAAY;YACf,OAAO,iBAAiB,CAAC;QAC3B,KAAK,cAAc;YACjB,OAAO,mBAAmB,CAAC;QAC7B,KAAK,cAAc;YACjB,OAAO,mBAAmB,CAAC;QAC7B,KAAK,SAAS;YACZ,OAAO,SAAS,CAAC;QACnB,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED,sFAAsF;AACtF,SAAS,kBAAkB,CACzB,GAAsB,EACtB,UAAoB,EACpB,KAA6C;IAE7C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAC/B,IAAI,KAAoB,CAAC;QACzB,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAChC,KAAK,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QACrF,CAAC;aAAM,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;YAChC,KAAK,GAAG,KAAK,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrE,CAAC;aAAM,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;YAChC,KAAK,GAAG,KAAK,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrE,CAAC;aAAM,CAAC;YACN,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;QACxC,CAAC;QACD,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AACtC,CAAC;AAaD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,OAAoB,EACpB,MAAwB;IAExB,MAAM,GAAG,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,GAAG,KAAK,IAAI;QACd,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE;QACvD,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC;IACH,IAAI,SAAS,IAAI,KAAK,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,uCAAuC,KAAK,CAAC,OAAO,+BAA+B,CACpF,CAAC;IACJ,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9E,MAAM,KAAK,GAAG;QACZ,UAAU,MAAM,CAAC,KAAK,GAAG;QACzB,cAAc,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG;QACzC,YAAY,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG;QACtE,cAAc,aAAa,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,GAAG;KAC1D,CAAC;IACF,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1E,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1E,OAAO,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;AACxC,CAAC;AAED,wEAAwE;AACxE,SAAS,iBAAiB,CAAC,KAAa;IACtC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IACtC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QACxB,OACE,CAAC,GAAG,KAAK,CAAC,MAAM;YAChB,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;YAE3D,CAAC,EAAE,CAAC;QACN,MAAM,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACjC,IAAI,EAAE,GAAG,CAAC;YAAE,MAAM;QAClB,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACX,IAAI,GAAW,CAAC;QAChB,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACrB,CAAC,EAAE,CAAC;YACJ,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC5C,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM;oBAAE,CAAC,EAAE,CAAC;gBACnD,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;gBACd,CAAC,EAAE,CAAC;YACN,CAAC;YACD,CAAC,EAAE,CAAC,CAAC,gBAAgB;YACrB,GAAG,GAAG,CAAC,CAAC;QACV,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,CAAC;YACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,CAAC,EAAE,CAAC;YACjD,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/B,CAAC,GAAG,CAAC,CAAC;QACR,CAAC;QACD,IAAI,GAAG;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAUD,MAAM,yBAAyB,GAAG,GAAG,CAAC;AAEtC,SAAS,SAAS,CAAC,OAAoB,EAAE,IAAY;IACnD,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACrD,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,IAAI,CAAC,MAA8B;IAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAuB;IAChD,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACtB,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAoB,EACpB,MAA0B;IAE1B,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAC/C,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAEtD,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACvC,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC7D,IAAI,SAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,SAAS,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;IAC1C,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC,eAAe,CAAC,CAAC;IAEjD,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5D,IAAI,UAAU,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACxD,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5D,IAAI,UAAU,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAExD,qEAAqE;IACrE,+EAA+E;IAC/E,4EAA4E;IAC5E,yEAAyE;IACzE,yEAAyE;IACzE,2EAA2E;IAC3E,sEAAsE;IACtE,wEAAwE;IACxE,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,WAAW;QAC5B,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;QAC1C,CAAC,CAAC,UAAU,KAAK,SAAS;YACxB,CAAC,CAAC,CAAC,WAAW,CAAC;YACf,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAEf,+EAA+E;IAC/E,IAAI,GAAG,GAA8B,IAAI,CAAC;IAC1C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QACjC,IAAI,MAAM,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACpD,IAAI,MAAM,KAAK,QAAQ;YAAE,GAAG,GAAG,MAAM,CAAC;IACxC,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IACpD,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAChD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,GAAG,KAAK,IAAI,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC;YAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACnC,CAAC;IACD,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxC,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC;IAE/C,4BAA4B;IAC5B,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,MAAM,CAAC,gBAAgB,IAAI,yBAAyB,CAAC;IACvE,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,GAAG,GAAG,GAAG,SAAS;QAC1D,OAAO,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAClC,IAAI,UAAU,KAAK,SAAS,IAAI,GAAG,GAAG,UAAU,GAAG,SAAS;QAC1D,OAAO,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACnC,sEAAsE;IACtE,IACE,UAAU,KAAK,SAAS;QACxB,UAAU,KAAK,SAAS;QACxB,UAAU,GAAG,UAAU;QAEvB,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAEjC,6BAA6B;IAC7B,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAChE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACjD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACtC,OAAO,IAAI,CAAC,4BAA4B,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC3D,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,EAAE,UAAU,EAAE;QAChD,OAAO,EAAE,UAAU;QACnB,OAAO,EAAE,UAAU;KACpB,CAAC,CAAC;IACH,IAAI,SAAS,IAAI,KAAK;QAAE,OAAO,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAEjE,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACtE,IAAI,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAE1C,OAAO;QACL,KAAK,EAAE,IAAI;QACX,OAAO,EAAE,QAAQ;QACjB,KAAK;QACL,iBAAiB,EAAE,UAAU;QAC7B,OAAO,EAAE,UAAU;QACnB,OAAO,EAAE,UAAU;KACpB,CAAC;AACJ,CAAC"}