@fedify/fedify 0.9.0-dev.177 → 0.9.0-dev.181

package/esm/runtime/key.js

@@ -1,5 +1,5 @@
 import * as dntShim from "../_dnt.shims.js";
-import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/0.224.2/base64.js";
+import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/0.224.3/base64.js";
 /**
  * Imports a PEM-SPKI formatted public key.
  * @param pem The PEM-SPKI formatted public key.

package/esm/sig/http.js

@@ -0,0 +1,229 @@
+import * as dntShim from "../_dnt.shims.js";
+import { getLogger } from "@logtape/logtape";
+import { equals } from "../deps/jsr.io/@std/bytes/0.224.0/mod.js";
+import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/0.224.3/base64.js";
+import { fetchDocumentLoader, } from "../runtime/docloader.js";
+import { isActor } from "../vocab/actor.js";
+import { CryptographicKey, Object as ASObject } from "../vocab/vocab.js";
+import { validateCryptoKey } from "./key.js";
+/**
+ * Signs a request using the given private key.
+ * @param request The request to sign.
+ * @param privateKey The private key to use for signing.
+ * @param keyId The key ID to use for the signature.  It will be used by the
+ *              verifier.
+ * @returns The signed request.
+ * @throws {TypeError} If the private key is invalid or unsupported.
+ */
+export async function signRequest(request, privateKey, keyId) {
+    validateCryptoKey(privateKey, "private");
+    const url = new URL(request.url);
+    const body = request.method !== "GET" && request.method !== "HEAD"
+        ? await request.arrayBuffer()
+        : null;
+    const headers = new Headers(request.headers);
+    if (!headers.has("Host")) {
+        headers.set("Host", url.host);
+    }
+    if (!headers.has("Digest") && body != null) {
+        const digest = await dntShim.crypto.subtle.digest("SHA-256", body);
+        headers.set("Digest", `sha-256=${encodeBase64(digest)}`);
+    }
+    if (!headers.has("Date")) {
+        headers.set("Date", new Date().toUTCString());
+    }
+    const serialized = [
+        ["(request-target)", `${request.method.toLowerCase()} ${url.pathname}`],
+        ...headers,
+    ];
+    const headerNames = serialized.map(([name]) => name);
+    const message = serialized
+        .map(([name, value]) => `${name}: ${value.trim()}`).join("\n");
+    // TODO: support other than RSASSA-PKCS1-v1_5:
+    const signature = await dntShim.crypto.subtle.sign("RSASSA-PKCS1-v1_5", privateKey, new TextEncoder().encode(message));
+    const sigHeader = `keyId="${keyId.href}",headers="${headerNames.join(" ")}",signature="${encodeBase64(signature)}"`;
+    headers.set("Signature", sigHeader);
+    return new Request(request, {
+        headers,
+        body,
+    });
+}
+const supportedHashAlgorithms = {
+    "sha": "SHA-1",
+    "sha-256": "SHA-256",
+    "sha-512": "SHA-512",
+};
+/**
+ * Verifies the signature of a request.
+ *
+ * Note that this function consumes the request body, so it should not be used
+ * if the request body is already consumed.  Consuming the request body after
+ * calling this function is okay, since this function clones the request
+ * under the hood.
+ *
+ * @param request The request to verify.
+ * @param options Options for verifying the request.
+ * @returns The public key of the verified signature, or `null` if the signature
+ *          could not be verified.
+ */
+export async function verifyRequest(request, { documentLoader, contextLoader, timeWindow, currentTime } = {}) {
+    const logger = getLogger(["fedify", "sig", "http"]);
+    request = request.clone();
+    const dateHeader = request.headers.get("Date");
+    if (dateHeader == null) {
+        logger.debug("Failed to verify; no Date header found.", { headers: Object.fromEntries(request.headers.entries()) });
+        return null;
+    }
+    const sigHeader = request.headers.get("Signature");
+    if (sigHeader == null) {
+        logger.debug("Failed to verify; no Signature header found.", { headers: Object.fromEntries(request.headers.entries()) });
+        return null;
+    }
+    const digestHeader = request.headers.get("Digest");
+    if (request.method !== "GET" && request.method !== "HEAD" &&
+        digestHeader == null) {
+        logger.debug("Failed to verify; no Digest header found.", { headers: Object.fromEntries(request.headers.entries()) });
+        return null;
+    }
+    let body = null;
+    if (digestHeader != null) {
+        body = await request.arrayBuffer();
+        const digests = digestHeader.split(",").map((pair) => pair.includes("=") ? pair.split("=", 2) : [pair, ""]);
+        let matched = false;
+        for (let [algo, digestBase64] of digests) {
+            algo = algo.trim().toLowerCase();
+            if (!(algo in supportedHashAlgorithms))
+                continue;
+            const digest = decodeBase64(digestBase64);
+            const expectedDigest = await dntShim.crypto.subtle.digest(supportedHashAlgorithms[algo], body);
+            if (!equals(digest, new Uint8Array(expectedDigest))) {
+                logger.debug("Failed to verify; digest mismatch ({algorithm}): " +
+                    "{digest} != {expectedDigest}.", {
+                    algorithm: algo,
+                    digest: digestBase64,
+                    expectedDigest: encodeBase64(expectedDigest),
+                });
+                return null;
+            }
+            matched = true;
+        }
+        if (!matched) {
+            logger.debug("Failed to verify; no supported digest algorithm found.  " +
+                "Supported: {supportedAlgorithms}; found: {algorithms}.", {
+                supportedAlgorithms: Object.keys(supportedHashAlgorithms),
+                algorithms: digests.map(([algo]) => algo),
+            });
+            return null;
+        }
+    }
+    const date = dntShim.Temporal.Instant.from(new Date(dateHeader).toISOString());
+    const now = currentTime ?? dntShim.Temporal.Now.instant();
+    const tw = timeWindow ?? { minutes: 1 };
+    if (dntShim.Temporal.Instant.compare(date, now.add(tw)) > 0) {
+        logger.debug("Failed to verify; Date is too far in the future.", { date: date.toString(), now: now.toString() });
+        return null;
+    }
+    else if (dntShim.Temporal.Instant.compare(date, now.subtract(tw)) < 0) {
+        logger.debug("Failed to verify; Date is too far in the past.", { date: date.toString(), now: now.toString() });
+        return null;
+    }
+    const sigValues = Object.fromEntries(sigHeader.split(",").map((pair) => pair.match(/^\s*([A-Za-z]+)="([^"]*)"\s*$/)).filter((m) => m != null).map((m) => m.slice(1, 3)));
+    if (!("keyId" in sigValues)) {
+        logger.debug("Failed to verify; no keyId field found in the Signature header.", { signature: sigHeader });
+        return null;
+    }
+    else if (!("headers" in sigValues)) {
+        logger.debug("Failed to verify; no headers field found in the Signature header.", { signature: sigHeader });
+        return null;
+    }
+    else if (!("signature" in sigValues)) {
+        logger.debug("Failed to verify; no signature field found in the Signature header.", { signature: sigHeader });
+        return null;
+    }
+    const { keyId, headers, signature } = sigValues;
+    logger.debug("Fetching key {keyId} to verify signature...", { keyId });
+    let document;
+    try {
+        const remoteDocument = await (documentLoader ?? fetchDocumentLoader)(keyId);
+        document = remoteDocument.document;
+    }
+    catch (_) {
+        logger.debug("Failed to fetch key {keyId}.", { keyId });
+        return null;
+    }
+    let object;
+    try {
+        object = await ASObject.fromJsonLd(document, {
+            documentLoader,
+            contextLoader,
+        });
+    }
+    catch (e) {
+        if (!(e instanceof TypeError))
+            throw e;
+        try {
+            object = await CryptographicKey.fromJsonLd(document, {
+                documentLoader,
+                contextLoader,
+            });
+        }
+        catch (e) {
+            if (e instanceof TypeError) {
+                logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
+                return null;
+            }
+            throw e;
+        }
+    }
+    let key = null;
+    if (object instanceof CryptographicKey)
+        key = object;
+    else if (isActor(object)) {
+        for await (const k of object.getPublicKeys({ documentLoader, contextLoader })) {
+            if (k.id?.href === keyId) {
+                key = k;
+                break;
+            }
+        }
+        if (key == null) {
+            logger.debug("Failed to verify; object {keyId} returned an {actorType}, " +
+                "but has no key matching {keyId}.", { keyId, actorType: object.constructor.name });
+            return null;
+        }
+    }
+    else {
+        logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
+        return null;
+    }
+    if (key.publicKey == null) {
+        logger.debug("Failed to verify; key {keyId} has no publicKeyPem field.", { keyId });
+        return null;
+    }
+    const headerNames = headers.split(/\s+/g);
+    if (!headerNames.includes("(request-target)") || !headerNames.includes("date")) {
+        logger.debug("Failed to verify; required headers missing in the Signature header: " +
+            "{headers}.", { headers });
+        return null;
+    }
+    if (body != null && !headerNames.includes("digest")) {
+        logger.debug("Failed to verify; required headers missing in the Signature header: " +
+            "{headers}.", { headers });
+        return null;
+    }
+    const message = headerNames.map((name) => `${name}: ` +
+        (name == "(request-target)"
+            ? `${request.method.toLowerCase()} ${new URL(request.url).pathname}`
+            : name == "host"
+                ? request.headers.get("host") ?? new URL(request.url).host
+                : request.headers.get(name))).join("\n");
+    const sig = decodeBase64(signature);
+    // TODO: support other than RSASSA-PKCS1-v1_5:
+    const verified = await dntShim.crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, sig, new TextEncoder().encode(message));
+    if (!verified) {
+        logger.debug("Failed to verify; signature {signature} is invalid.  " +
+            "Check if the key is correct or if the signed message is correct.  " +
+            "The message to sign is:\n{message}", { signature, message });
+        return null;
+    }
+    return key;
+}

package/esm/{httpsig → sig}/key.js

@@ -28,7 +28,6 @@ export function validateCryptoKey(key, type) {
 /**
  * Generates a key pair which is appropriate for Fedify.
  * @returns The generated key pair.
- * @since 0.3.0
  */
 export function generateCryptoKeyPair() {
     return dntShim.crypto.subtle.generateKey({
@@ -44,7 +43,6 @@ export function generateCryptoKeyPair() {
  * @returns The exported key in JWK format.  The key is suitable for
  *          serialization and storage.
  * @throws {TypeError} If the key is invalid or unsupported.
- * @since 0.3.0
  */
 export async function exportJwk(key) {
     validateCryptoKey(key);
@@ -56,7 +54,6 @@ export async function exportJwk(key) {
  * @param type Which type of key to import, either `"public"`" or `"private"`".
  * @returns The imported key.
  * @throws {TypeError} If the key is invalid or unsupported.
- * @since 0.3.0
  */
 export async function importJwk(jwk, type) {
     const key = await dntShim.crypto.subtle.importKey("jwk", jwk, { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, true, type === "public" ? ["verify"] : ["sign"]);

package/esm/sig/mod.js

@@ -0,0 +1,8 @@
+/**
+ * HTTP Signatures implementation.
+ *
+ * @module
+ */
+export { signRequest, verifyRequest, } from "./http.js";
+export { exportJwk, generateCryptoKeyPair, importJwk } from "./key.js";
+export { doesActorOwnKey, getKeyOwner, } from "./owner.js";

package/esm/sig/owner.js

@@ -0,0 +1,94 @@
+import { fetchDocumentLoader, } from "../runtime/docloader.js";
+import { isActor } from "../vocab/actor.js";
+import { CryptographicKey, Object as ASObject, } from "../vocab/vocab.js";
+export { exportJwk, generateCryptoKeyPair, importJwk } from "./key.js";
+/**
+ * Checks if the actor of the given activity owns the specified key.
+ * @param activity The activity to check.
+ * @param key The public key to check.
+ * @param options Options for checking the key ownership.
+ * @returns Whether the actor is the owner of the key.
+ */
+export async function doesActorOwnKey(activity, key, options) {
+    if (key.ownerId != null) {
+        return key.ownerId.href === activity.actorId?.href;
+    }
+    const actor = await activity.getActor(options);
+    if (actor == null || !isActor(actor))
+        return false;
+    for (const publicKeyId of actor.publicKeyIds) {
+        if (key.id != null && publicKeyId.href === key.id.href)
+            return true;
+    }
+    return false;
+}
+/**
+ * Gets the actor that owns the specified key.  Returns `null` if the key has no
+ * known owner.
+ *
+ * @param keyId The ID of the key to check, or the key itself.
+ * @param options Options for getting the key owner.
+ * @returns The actor that owns the key, or `null` if the key has no known
+ *          owner.
+ */
+export async function getKeyOwner(keyId, options) {
+    const documentLoader = options.documentLoader ?? fetchDocumentLoader;
+    const contextLoader = options.contextLoader ?? fetchDocumentLoader;
+    let object;
+    if (keyId instanceof CryptographicKey) {
+        object = keyId;
+        if (object.id == null)
+            return null;
+        keyId = object.id;
+    }
+    else {
+        let keyDoc;
+        try {
+            const { document } = await documentLoader(keyId.href);
+            keyDoc = document;
+        }
+        catch (_) {
+            return null;
+        }
+        try {
+            object = await ASObject.fromJsonLd(keyDoc, {
+                documentLoader,
+                contextLoader,
+            });
+        }
+        catch (e) {
+            if (!(e instanceof TypeError))
+                throw e;
+            try {
+                object = await CryptographicKey.fromJsonLd(keyDoc, {
+                    documentLoader,
+                    contextLoader,
+                });
+            }
+            catch (e) {
+                if (e instanceof TypeError)
+                    return null;
+                throw e;
+            }
+        }
+    }
+    let owner = null;
+    if (object instanceof CryptographicKey) {
+        if (object.ownerId == null)
+            return null;
+        owner = await object.getOwner({ documentLoader, contextLoader });
+    }
+    else if (isActor(object)) {
+        owner = object;
+    }
+    else {
+        return null;
+    }
+    if (owner == null)
+        return null;
+    for (const kid of owner.publicKeyIds) {
+        if (kid.href === keyId.href)
+            return owner;
+    }
+    return null;
+}

package/esm/vocab/tombstone.yaml

@@ -0,0 +1,20 @@
+$schema: ../codegen/schema.yaml
+name: Tombstone
+uri: "https://www.w3.org/ns/activitystreams#Tombstone"
+extends: "https://www.w3.org/ns/activitystreams#Object"
+entity: true
+description: |
+  A `Tombstone` represents a content object that has been deleted.
+  It can be used in {@link Collection}s to signify that there used to be
+  an object at this position, but it has been deleted.
+defaultContext: "https://www.w3.org/ns/activitystreams"
+
+properties:
+- singularName: deleted
+  functional: true
+  uri: "https://www.w3.org/ns/activitystreams#deleted"
+  description: |
+    On a `Tombstone` object, the `deleted` property is a timestamp for when
+    the object was deleted.
+  range:
+  - "http://www.w3.org/2001/XMLSchema#dateTime"

package/esm/vocab/vocab.js

@@ -2151,6 +2151,10 @@ export class Object {
                 delete values["@type"];
                 return await Service.fromJsonLd(values, options);
             }
+            if (values["@type"].includes("https://www.w3.org/ns/activitystreams#Tombstone")) {
+                delete values["@type"];
+                return await Tombstone.fromJsonLd(values, options);
+            }
             if (!values["@type"].includes("https://www.w3.org/ns/activitystreams#Object")) {
                 throw new TypeError("Invalid type: " + values["@type"]);
             }
@@ -2208,6 +2212,7 @@ export class Object {
                     "https://www.w3.org/ns/activitystreams#Profile",
                     "https://www.w3.org/ns/activitystreams#Relationship",
                     "https://www.w3.org/ns/activitystreams#Service",
+                    "https://www.w3.org/ns/activitystreams#Tombstone",
                 ].some((t) => v["@type"].includes(t))
                 ? await _a.fromJsonLd(v, options)
                 : typeof v === "object" && "@type" in v &&
@@ -2344,6 +2349,7 @@ export class Object {
                     "https://www.w3.org/ns/activitystreams#Profile",
                     "https://www.w3.org/ns/activitystreams#Relationship",
                     "https://www.w3.org/ns/activitystreams#Service",
+                    "https://www.w3.org/ns/activitystreams#Tombstone",
                 ].some((t) => v["@type"].includes(t))
                 ? await _a.fromJsonLd(v, options)
                 : typeof v === "object" && "@type" in v &&
@@ -2435,6 +2441,7 @@ export class Object {
                     "https://www.w3.org/ns/activitystreams#Profile",
                     "https://www.w3.org/ns/activitystreams#Relationship",
                     "https://www.w3.org/ns/activitystreams#Service",
+                    "https://www.w3.org/ns/activitystreams#Tombstone",
                 ].some((t) => v["@type"].includes(t))
                 ? await _a.fromJsonLd(v, options)
                 : typeof v === "object" && "@type" in v &&
@@ -2526,6 +2533,7 @@ export class Object {
                     "https://www.w3.org/ns/activitystreams#Profile",
                     "https://www.w3.org/ns/activitystreams#Relationship",
                     "https://www.w3.org/ns/activitystreams#Service",
+                    "https://www.w3.org/ns/activitystreams#Tombstone",
                 ].some((t) => v["@type"].includes(t))
                 ? await _a.fromJsonLd(v, options)
                 : typeof v === "object" && "@type" in v &&
@@ -2593,6 +2601,7 @@ export class Object {
                     "https://www.w3.org/ns/activitystreams#Profile",
                     "https://www.w3.org/ns/activitystreams#Relationship",
                     "https://www.w3.org/ns/activitystreams#Service",
+                    "https://www.w3.org/ns/activitystreams#Tombstone",
                 ].some((t) => v["@type"].includes(t))
                 ? await _a.fromJsonLd(v, options)
                 : typeof v === "object" && "@type" in v &&
@@ -2668,6 +2677,7 @@ export class Object {
                         "https://www.w3.org/ns/activitystreams#Profile",
                         "https://www.w3.org/ns/activitystreams#Relationship",
                         "https://www.w3.org/ns/activitystreams#Service",
+                        "https://www.w3.org/ns/activitystreams#Tombstone",
                     ].some((t) => v["@type"].includes(t))
                     ? await _a.fromJsonLd(v, options)
                     : undefined;
@@ -2770,6 +2780,7 @@ export class Object {
                     "https://www.w3.org/ns/activitystreams#Profile",
                     "https://www.w3.org/ns/activitystreams#Relationship",
                     "https://www.w3.org/ns/activitystreams#Service",
+                    "https://www.w3.org/ns/activitystreams#Tombstone",
                 ].some((t) => v["@type"].includes(t))
                 ? await _a.fromJsonLd(v, options)
                 : typeof v === "object" && "@type" in v &&
@@ -7058,6 +7069,7 @@ export class Collection extends Object {
                     "https://www.w3.org/ns/activitystreams#Profile",
                     "https://www.w3.org/ns/activitystreams#Relationship",
                     "https://www.w3.org/ns/activitystreams#Service",
+                    "https://www.w3.org/ns/activitystreams#Tombstone",
                 ].some((t) => v["@type"].includes(t))
                 ? await Object.fromJsonLd(v, options)
                 : typeof v === "object" && "@type" in v &&
@@ -10246,6 +10258,7 @@ export class Link {
                         "https://www.w3.org/ns/activitystreams#Profile",
                         "https://www.w3.org/ns/activitystreams#Relationship",
                         "https://www.w3.org/ns/activitystreams#Service",
+                        "https://www.w3.org/ns/activitystreams#Tombstone",
                     ].some((t) => v["@type"].includes(t))
                     ? await Object.fromJsonLd(v, options)
                     : undefined;
@@ -15912,6 +15925,158 @@ export class Service extends Object {
         return "Service " + inspect(proxy, options);
     }
 }
+/** A `Tombstone` represents a content object that has been deleted.
+ * It can be used in {@link Collection}s to signify that there used to be
+ * an object at this position, but it has been deleted.
+ */
+export class Tombstone extends Object {
+    /**
+     * The type URI of {@link Tombstone}: `https://www.w3.org/ns/activitystreams#Tombstone`.
+     */
+    static get typeId() {
+        return new URL("https://www.w3.org/ns/activitystreams#Tombstone");
+    }
+    #_8g8g4LiVMhFTXskuDEqx4ascxUr = [];
+    /**
+     * Constructs a new instance of Tombstone with the given values.
+     * @param values The values to initialize the instance with.
+     * @param options The options to use for initialization.
+     */
+    constructor(values, { documentLoader, contextLoader, } = {}) {
+        super(values, { documentLoader, contextLoader });
+        if ("deleted" in values && values.deleted != null) {
+            this.#_8g8g4LiVMhFTXskuDEqx4ascxUr = [values.deleted];
+        }
+    }
+    /**
+     * Clones this instance, optionally updating it with the given values.
+     * @param values The values to update the clone with.
+     * @options The options to use for cloning.
+     * @returns The cloned instance.
+     */
+    clone(values = {}, options = {}) {
+        const clone = super.clone(values, options);
+        clone.#_8g8g4LiVMhFTXskuDEqx4ascxUr = this.#_8g8g4LiVMhFTXskuDEqx4ascxUr;
+        if ("deleted" in values && values.deleted != null) {
+            clone.#_8g8g4LiVMhFTXskuDEqx4ascxUr = [values.deleted];
+        }
+        return clone;
+    }
+    /** On a `Tombstone` object, the `deleted` property is a timestamp for when
+     * the object was deleted.
+     */
+    get deleted() {
+        if (this.#_8g8g4LiVMhFTXskuDEqx4ascxUr.length < 1)
+            return null;
+        return this.#_8g8g4LiVMhFTXskuDEqx4ascxUr[0];
+    }
+    /**
+     * Converts this object to a JSON-LD structure.
+     * @returns The JSON-LD representation of this object.
+     */
+    async toJsonLd(options = {}) {
+        options = {
+            ...options,
+            contextLoader: options.contextLoader ?? fetchDocumentLoader,
+        };
+        // deno-lint-ignore no-unused-vars prefer-const
+        let array;
+        const baseValues = await super.toJsonLd({
+            ...options,
+            expand: true,
+        });
+        const values = baseValues[0];
+        array = [];
+        for (const v of this.#_8g8g4LiVMhFTXskuDEqx4ascxUr) {
+            array.push({
+                "@type": "http://www.w3.org/2001/XMLSchema#dateTime",
+                "@value": v.toString(),
+            });
+        }
+        if (array.length > 0) {
+            values["https://www.w3.org/ns/activitystreams#deleted"] = array;
+        }
+        values["@type"] = ["https://www.w3.org/ns/activitystreams#Tombstone"];
+        if (this.id)
+            values["@id"] = this.id.href;
+        if (options.expand) {
+            return await jsonld.expand(values, { documentLoader: options.contextLoader });
+        }
+        return await jsonld.compact(values, "https://www.w3.org/ns/activitystreams", { documentLoader: options.contextLoader });
+    }
+    /**
+     * Converts a JSON-LD structure to an object of this type.
+     * @param json The JSON-LD structure to convert.
+     * @returns The object of this type.
+     * @throws {TypeError} If the given `json` is invalid.
+     */
+    static async fromJsonLd(json, options = {}) {
+        if (typeof json === "undefined") {
+            throw new TypeError("Invalid JSON-LD: undefined.");
+        }
+        else if (json === null)
+            throw new TypeError("Invalid JSON-LD: null.");
+        options = {
+            ...options,
+            documentLoader: options.documentLoader ?? fetchDocumentLoader,
+            contextLoader: options.contextLoader ?? fetchDocumentLoader,
+        };
+        // deno-lint-ignore no-explicit-any
+        let values;
+        if (globalThis.Object.keys(json).length == 0) {
+            values = {};
+        }
+        else {
+            const expanded = await jsonld.expand(json, {
+                documentLoader: options.contextLoader,
+                keepFreeFloatingNodes: true,
+            });
+            values =
+                // deno-lint-ignore no-explicit-any
+                (expanded[0] ?? {});
+        }
+        if ("@type" in values) {
+            if (!values["@type"].includes("https://www.w3.org/ns/activitystreams#Tombstone")) {
+                throw new TypeError("Invalid type: " + values["@type"]);
+            }
+        }
+        const instance = await super.fromJsonLd(values, options);
+        if (!(instance instanceof Tombstone)) {
+            throw new TypeError("Unexpected type: " + instance.constructor.name);
+        }
+        const _8g8g4LiVMhFTXskuDEqx4ascxUr = [];
+        for (const v of values["https://www.w3.org/ns/activitystreams#deleted"] ?? []) {
+            if (v == null)
+                continue;
+            _8g8g4LiVMhFTXskuDEqx4ascxUr.push(dntShim.Temporal.Instant.from(v["@value"]));
+        }
+        instance.#_8g8g4LiVMhFTXskuDEqx4ascxUr = _8g8g4LiVMhFTXskuDEqx4ascxUr;
+        return instance;
+    }
+    _getCustomInspectProxy() {
+        const proxy = super._getCustomInspectProxy();
+        const _8g8g4LiVMhFTXskuDEqx4ascxUr = this.#_8g8g4LiVMhFTXskuDEqx4ascxUr
+            // deno-lint-ignore no-explicit-any
+            .map((v) => v instanceof URL
+            ? {
+                [Symbol.for("Deno.customInspect")]: (inspect, options) => "URL " + inspect(v.href, options),
+                [Symbol.for("nodejs.util.inspect.custom")]: (_depth, options, inspect) => "URL " + inspect(v.href, options),
+            }
+            : v);
+        if (_8g8g4LiVMhFTXskuDEqx4ascxUr.length == 1) {
+            proxy.deleted = _8g8g4LiVMhFTXskuDEqx4ascxUr[0];
+        }
+        return proxy;
+    }
+    [Symbol.for("Deno.customInspect")](inspect, options) {
+        const proxy = this._getCustomInspectProxy();
+        return "Tombstone " + inspect(proxy, options);
+    }
+    [Symbol.for("nodejs.util.inspect.custom")](_depth, options, inspect) {
+        const proxy = this._getCustomInspectProxy();
+        return "Tombstone " + inspect(proxy, options);
+    }
+}
 /** Indicates that the `actor` is undoing the `object`.  In most cases,
  * the `object` will be an {@link Activity} describing some previously performed
  * action (for instance, a person may have previously "liked" an article but,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fedify/fedify",
-  "version": "0.9.0-dev.177+a1fe6aa8",
+  "version": "0.9.0-dev.181+d5e0642c",
   "description": "An ActivityPub server framework",
   "keywords": [
     "ActivityPub",
@@ -53,6 +53,12 @@
         "default": "./esm/runtime/mod.js"
       }
     },
+    "./sig": {
+      "import": {
+        "types": "./types/sig/mod.d.ts",
+        "default": "./esm/sig/mod.js"
+      }
+    },
     "./vocab": {
       "import": {
         "types": "./types/vocab/mod.d.ts",

package/types/deps/jsr.io/@std/assert/0.225.3/assert.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assert.d.ts","sourceRoot":"","sources":["../../../../../../src/deps/jsr.io/@std/assert/0.225.3/assert.ts"],"names":[],"mappings":"AAIA;;;;;;;;;;GAUG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,SAAK,GAAG,OAAO,CAAC,IAAI,CAI5D"}

package/types/deps/jsr.io/@std/assert/0.225.3/assertion_error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assertion_error.d.ts","sourceRoot":"","sources":["../../../../../../src/deps/jsr.io/@std/assert/0.225.3/assertion_error.ts"],"names":[],"mappings":"AAGA;;;;;;;;;GASG;AACH,qBAAa,cAAe,SAAQ,KAAK;IACvC,iCAAiC;gBACrB,OAAO,EAAE,MAAM;CAI5B"}

package/types/deps/jsr.io/@std/encoding/{0.224.2/_util.d.ts → 0.224.3/_validate_binary_like.d.ts}

@@ -1,2 +1,2 @@
 export declare function validateBinaryLike(source: unknown): Uint8Array;
-//# sourceMappingURL=_util.d.ts.map
+//# sourceMappingURL=_validate_binary_like.d.ts.map

package/types/deps/jsr.io/@std/encoding/0.224.3/_validate_binary_like.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"_validate_binary_like.d.ts","sourceRoot":"","sources":["../../../../../../src/deps/jsr.io/@std/encoding/0.224.3/_validate_binary_like.ts"],"names":[],"mappings":"AAeA,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,OAAO,GAAG,UAAU,CAa9D"}