@fedify/fedify 1.3.0-dev.564 → 1.3.0-dev.568

package/CHANGES.md

@@ -61,6 +61,7 @@ To be released.
 
  -  Fedify now supports OpenTelemetry for tracing.  [[#170]]
 
+     -  Added `Context.tracerProvider` property.
      -  Added `CreateFederationOptions.tracerProvider` option.
      -  Added `LookupWebFingerOptions.tracerProvider` option.
      -  Added `LookupObjectOptions.tracerProvider` option.
@@ -68,6 +69,20 @@ To be released.
      -  Added `VerifyRequestOptions.tracerProvider` option.
      -  Added `SignRequestOptions` interface.
      -  Added the optional fourth parameter to `signRequest()` function.
+     -  Added `VerifyProofOptions.tracerProvider` option.
+     -  Added `VerifyObjectOptions.tracerProvider` option.
+     -  Added `SignObjectOptions.tracerProvider` option.
+     -  Added `VerifySignatureOptions.tracerProvider` option.
+     -  Added `VerifyJsonLdOptions.tracerProvider` option.
+     -  Added `SignJsonLdOptions.tracerProvider` option.
+     -  Added `DoesActorOwnKeyOptions.tracerProvider` option.
+     -  Added `GetKeyOwnerOptions.tracerProvider` option.
+
+     -  Added `tracerProvider` option to the following Activity Vocabulary APIs:
+
+         -  The second parameters of constructors.
+         -  The second parameters of `fromJsonLd()` static methods.
+         -  The second parameters of `get*()` methods.
 
  -  Added `@fedify/fedify/x/sveltekit` module for integrating with [SvelteKit]
     hook.  [[#171], [#183] by Jiyu Park]

package/esm/deno.js

@@ -1,6 +1,6 @@
 export default {
     "name": "@fedify/fedify",
-    "version": "1.3.0-dev.564+dd787d55",
+    "version": "1.3.0-dev.568+35cde4e3",
     "license": "MIT",
     "exports": {
         ".": "./mod.ts",

package/esm/federation/handler.js

@@ -259,6 +259,7 @@ export async function handleInbox(request, { recipient, context, inboxContextFac
         contextLoader: context.contextLoader,
         documentLoader: context.documentLoader,
         keyCache,
+        tracerProvider,
     });
     const jsonWithoutSig = detachSignature(json);
     let activity = null;
@@ -273,6 +274,7 @@ export async function handleInbox(request, { recipient, context, inboxContextFac
                 contextLoader: context.contextLoader,
                 documentLoader: context.documentLoader,
                 keyCache,
+                tracerProvider,
             });
         }
         catch (error) {

package/esm/federation/middleware.js

@@ -195,6 +195,7 @@ export class FederationImpl {
                 activityId: message.activityId,
                 inbox: new URL(message.inbox),
                 headers: new Headers(message.headers),
+                tracerProvider: this.tracerProvider,
             });
         }
         catch (error) {
@@ -203,6 +204,7 @@ export class FederationImpl {
                 documentLoader: rsaKeyPair == null
                     ? this.documentLoader
                     : this.authenticatedDocumentLoaderFactory(rsaKeyPair),
+                tracerProvider: this.tracerProvider,
             });
             try {
                 this.onOutboxError?.(error, activity);
@@ -927,6 +929,7 @@ export class FederationImpl {
             if (privateKey.algorithm.name === "Ed25519") {
                 activity = await signObject(activity, privateKey, keyId, {
                     contextLoader: this.contextLoader,
+                    tracerProvider: this.tracerProvider,
                 });
                 proofCreated = true;
             }
@@ -950,6 +953,7 @@ export class FederationImpl {
         else {
             jsonLd = await signJsonLd(jsonLd, rsaKey.privateKey, rsaKey.keyId, {
                 contextLoader: this.contextLoader,
+                tracerProvider: this.tracerProvider,
             });
         }
         if (!proofCreated) {
@@ -981,6 +985,7 @@ export class FederationImpl {
                     headers: collectionSync == null ? undefined : new Headers({
                         "Collection-Synchronization": await buildCollectionSynchronizationHeader(collectionSync, inboxes[inbox]),
                     }),
+                    tracerProvider: this.tracerProvider,
                 }));
             }
             await Promise.all(promises);
@@ -1297,6 +1302,9 @@ export class ContextImpl {
     get contextLoader() {
         return this.federation.contextLoader;
     }
+    get tracerProvider() {
+        return this.federation.tracerProvider;
+    }
     getNodeInfoUri() {
         const path = this.federation.router.build("nodeInfo", {});
         if (path == null) {
@@ -1634,7 +1642,7 @@ export class ContextImpl {
             documentLoader: options.documentLoader ?? this.documentLoader,
             contextLoader: options.contextLoader ?? this.contextLoader,
             userAgent: options.userAgent ?? this.federation.userAgent,
-            tracerProvider: options.tracerProvider ?? this.federation.tracerProvider,
+            tracerProvider: options.tracerProvider ?? this.tracerProvider,
         });
     }
     traverseCollection(collection, options = {}) {
@@ -1801,7 +1809,7 @@ class RequestContextImpl extends ContextImpl {
         return this.#signedKey = await verifyRequest(this.request, {
             ...this,
             timeWindow: this.federation.signatureTimeWindow,
-            tracerProvider: this.federation.tracerProvider,
+            tracerProvider: this.tracerProvider,
         });
     }
     #signedKeyOwner = undefined;
@@ -1931,6 +1939,7 @@ export class InboxContextImpl extends ContextImpl {
                     activity: this.activity,
                     activityId: activityId,
                     inbox: new URL(inbox),
+                    tracerProvider: this.tracerProvider,
                 }));
             }
             await Promise.all(promises);

package/esm/federation/send.js

@@ -30,7 +30,7 @@ export function extractInboxes({ recipients, preferSharedInbox, excludeBaseUris
  *                   See also {@link SendActivityParameters}.
  * @throws {Error} If the activity fails to send.
  */
-export async function sendActivity({ activity, activityId, keys, inbox, headers, }) {
+export async function sendActivity({ activity, activityId, keys, inbox, headers, tracerProvider, }) {
     const logger = getLogger(["fedify", "federation", "outbox"]);
     headers = new Headers(headers);
     headers.set("Content-Type", "application/activity+json");
@@ -59,7 +59,7 @@ export async function sendActivity({ activity, activityId, keys, inbox, headers,
         });
     }
     else {
-        request = await signRequest(request, rsaKey.privateKey, rsaKey.keyId);
+        request = await signRequest(request, rsaKey.privateKey, rsaKey.keyId, { tracerProvider });
     }
     let response;
     try {

package/esm/sig/http.js

@@ -29,7 +29,7 @@ export async function signRequest(request, privateKey, keyId, options = {}) {
                 for (const [name, value] of signed.headers) {
                     span.setAttribute(ATTR_HTTP_REQUEST_HEADER(name), value);
                 }
-                span.setAttribute("httpsignatures.key_id", keyId.href);
+                span.setAttribute("http_signatures.key_id", keyId.href);
             }
             return signed;
         }
@@ -62,7 +62,7 @@ async function signRequestInternal(request, privateKey, keyId, span) {
         const digest = await dntShim.crypto.subtle.digest("SHA-256", body);
         headers.set("Digest", `SHA-256=${encodeBase64(digest)}`);
         if (span.isRecording()) {
-            span.setAttribute("httpsignatures.digest.sha-256", encodeHex(digest));
+            span.setAttribute("http_signatures.digest.sha-256", encodeHex(digest));
         }
     }
     if (!headers.has("Date")) {
@@ -80,8 +80,8 @@ async function signRequestInternal(request, privateKey, keyId, span) {
     const sigHeader = `keyId="${keyId.href}",algorithm="rsa-sha256",headers="${headerNames.join(" ")}",signature="${encodeBase64(signature)}"`;
     headers.set("Signature", sigHeader);
     if (span.isRecording()) {
-        span.setAttribute("httpsignatures.algorithm", "rsa-sha256");
-        span.setAttribute("httpsignatures.signature", encodeHex(signature));
+        span.setAttribute("http_signatures.algorithm", "rsa-sha256");
+        span.setAttribute("http_signatures.signature", encodeHex(signature));
     }
     return new Request(request, {
         headers,
@@ -135,7 +135,7 @@ export async function verifyRequest(request, options = {}) {
         }
     });
 }
-async function verifyRequestInternal(request, span, { documentLoader, contextLoader, timeWindow, currentTime, keyCache, } = {}) {
+async function verifyRequestInternal(request, span, { documentLoader, contextLoader, timeWindow, currentTime, keyCache, tracerProvider, } = {}) {
     const logger = getLogger(["fedify", "sig", "http"]);
     if (request.bodyUsed) {
         logger.error("Failed to verify; the request body is already consumed.", { url: request.url });
@@ -184,7 +184,7 @@ async function verifyRequestInternal(request, span, { documentLoader, contextLoa
                 return null;
             }
             if (span.isRecording()) {
-                span.setAttribute(`httpsignatures.digest.${algo}`, encodeHex(digest));
+                span.setAttribute(`http_signatures.digest.${algo}`, encodeHex(digest));
             }
             const expectedDigest = await dntShim.crypto.subtle.digest(supportedHashAlgorithms[algo], body);
             if (!equals(digest, new Uint8Array(expectedDigest))) {
@@ -235,15 +235,16 @@ async function verifyRequestInternal(request, span, { documentLoader, contextLoa
         return null;
     }
     const { keyId, headers, signature } = sigValues;
-    span?.setAttribute("httpsignatures.key_id", keyId);
-    span?.setAttribute("httpsignatures.signature", signature);
+    span?.setAttribute("http_signatures.key_id", keyId);
+    span?.setAttribute("http_signatures.signature", signature);
     if ("algorithm" in sigValues) {
-        span?.setAttribute("httpsignatures.algorithm", sigValues.algorithm);
+        span?.setAttribute("http_signatures.algorithm", sigValues.algorithm);
     }
     const { key, cached } = await fetchKey(new URL(keyId), CryptographicKey, {
         documentLoader,
         contextLoader,
         keyCache,
+        tracerProvider,
     });
     if (key == null)
         return null;

package/esm/sig/key.js

@@ -106,7 +106,7 @@ export async function importJwk(jwk, type) {
  */
 export async function fetchKey(keyId, 
 // deno-lint-ignore no-explicit-any
-cls, { documentLoader, contextLoader, keyCache } = {}) {
+cls, { documentLoader, contextLoader, keyCache, tracerProvider } = {}) {
     const logger = getLogger(["fedify", "sig", "key"]);
     const cacheKey = typeof keyId === "string" ? new URL(keyId) : keyId;
     keyId = typeof keyId === "string" ? keyId : keyId.href;
@@ -140,6 +140,7 @@ cls, { documentLoader, contextLoader, keyCache } = {}) {
         object = await Object.fromJsonLd(document, {
             documentLoader,
             contextLoader,
+            tracerProvider,
         });
     }
     catch (e) {
@@ -149,6 +150,7 @@ cls, { documentLoader, contextLoader, keyCache } = {}) {
             object = await cls.fromJsonLd(document, {
                 documentLoader,
                 contextLoader,
+                tracerProvider,
             });
         }
         catch (e) {
@@ -166,8 +168,12 @@ cls, { documentLoader, contextLoader, keyCache } = {}) {
     else if (isActor(object)) {
         // @ts-ignore: cls is either CryptographicKey or Multikey
         const keys = cls === CryptographicKey
-            ? object.getPublicKeys({ documentLoader, contextLoader })
-            : object.getAssertionMethods({ documentLoader, contextLoader });
+            ? object.getPublicKeys({ documentLoader, contextLoader, tracerProvider })
+            : object.getAssertionMethods({
+                documentLoader,
+                contextLoader,
+                tracerProvider,
+            });
         for await (const k of keys) {
             if (k.id?.href === keyId) {
                 key = k;

package/esm/sig/ld.js

@@ -1,10 +1,13 @@
 import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
+import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.5/base64.js";
 import { encodeHex } from "../deps/jsr.io/@std/encoding/1.0.5/hex.js";
 // @ts-ignore TS7016
 import jsonld from "jsonld";
+import metadata from "../deno.js";
 import { getDocumentLoader, } from "../runtime/docloader.js";
+import { getTypeId } from "../vocab/type.js";
 import { Activity, CryptographicKey, Object } from "../vocab/vocab.js";
 import { fetchKey, validateCryptoKey } from "./key.js";
 const logger = getLogger(["fedify", "sig", "ld"]);
@@ -70,8 +73,30 @@ export async function createSignature(jsonLd, privateKey, keyId, { contextLoader
  * @since 1.0.0
  */
 export async function signJsonLd(jsonLd, privateKey, keyId, options) {
-    const signature = await createSignature(jsonLd, privateKey, keyId, options);
-    return attachSignature(jsonLd, signature);
+    const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+    const tracer = tracerProvider.getTracer(metadata.name, metadata.version);
+    return await tracer.startActiveSpan("ld_signatures.sign", {
+        attributes: { "ld_signatures.key_id": keyId.href },
+    }, async (span) => {
+        try {
+            const signature = await createSignature(jsonLd, privateKey, keyId, options);
+            if (span.isRecording()) {
+                span.setAttribute("ld_signatures.type", signature.type);
+                span.setAttribute("ld_signatures.signature", encodeHex(decodeBase64(signature.signatureValue)));
+            }
+            return attachSignature(jsonLd, signature);
+        }
+        catch (error) {
+            span.setStatus({
+                code: SpanStatusCode.ERROR,
+                message: String(error),
+            });
+            throw error;
+        }
+        finally {
+            span.end();
+        }
+    });
 }
 /**
  * Checks if the given JSON-LD document has a Linked Data Signature.
@@ -194,26 +219,62 @@ export async function verifySignature(jsonLd, options = {}) {
  * @returns `true` if the document is authentic; `false` otherwise.
  */
 export async function verifyJsonLd(jsonLd, options = {}) {
-    const object = await Object.fromJsonLd(jsonLd, options);
-    const attributions = new Set(object.attributionIds.map((uri) => uri.href));
-    if (object instanceof Activity) {
-        for (const uri of object.actorIds)
-            attributions.add(uri.href);
-    }
-    const key = await verifySignature(jsonLd, options);
-    if (key == null)
-        return false;
-    if (key.ownerId == null) {
-        logger.debug("Key {keyId} has no owner.", { keyId: key.id?.href });
-        return false;
-    }
-    attributions.delete(key.ownerId.href);
-    if (attributions.size > 0) {
-        logger.debug("Some attributions are not authenticated by the Linked Data Signatures" +
-            ": {attributions}.", { attributions: [...attributions] });
-        return false;
-    }
-    return true;
+    const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+    const tracer = tracerProvider.getTracer(metadata.name, metadata.version);
+    return await tracer.startActiveSpan("ld_signatures.verify", async (span) => {
+        try {
+            const object = await Object.fromJsonLd(jsonLd, options);
+            if (object.id != null) {
+                span.setAttribute("activitypub.object.id", object.id.href);
+            }
+            span.setAttribute("activitypub.object.type", getTypeId(object).href);
+            if (typeof jsonLd === "object" && jsonLd != null &&
+                "signature" in jsonLd && typeof jsonLd.signature === "object" &&
+                jsonLd.signature != null) {
+                if ("creator" in jsonLd.signature &&
+                    typeof jsonLd.signature.creator === "string") {
+                    span.setAttribute("ld_signatures.key_id", jsonLd.signature.creator);
+                }
+                if ("signatureValue" in jsonLd.signature &&
+                    typeof jsonLd.signature.signatureValue === "string") {
+                    span.setAttribute("ld_signatures.signature", jsonLd.signature.signatureValue);
+                }
+                if ("type" in jsonLd.signature &&
+                    typeof jsonLd.signature.type === "string") {
+                    span.setAttribute("ld_signatures.type", jsonLd.signature.type);
+                }
+            }
+            const attributions = new Set(object.attributionIds.map((uri) => uri.href));
+            if (object instanceof Activity) {
+                for (const uri of object.actorIds)
+                    attributions.add(uri.href);
+            }
+            const key = await verifySignature(jsonLd, options);
+            if (key == null)
+                return false;
+            if (key.ownerId == null) {
+                logger.debug("Key {keyId} has no owner.", { keyId: key.id?.href });
+                return false;
+            }
+            attributions.delete(key.ownerId.href);
+            if (attributions.size > 0) {
+                logger.debug("Some attributions are not authenticated by the Linked Data " +
+                    "Signatures: {attributions}.", { attributions: [...attributions] });
+                return false;
+            }
+            return true;
+        }
+        catch (error) {
+            span.setStatus({
+                code: SpanStatusCode.ERROR,
+                message: String(error),
+            });
+            throw error;
+        }
+        finally {
+            span.end();
+        }
+    });
 }
 async function hashJsonLd(jsonLd, contextLoader) {
     const canon = await jsonld.canonize(jsonLd, {

package/esm/sig/owner.js

@@ -1,3 +1,4 @@
+import { trace } from "@opentelemetry/api";
 import { getDocumentLoader, } from "../runtime/docloader.js";
 import { isActor } from "../vocab/actor.js";
 import { CryptographicKey, Object as ASObject, } from "../vocab/vocab.js";
@@ -30,8 +31,10 @@ export async function doesActorOwnKey(activity, key, options) {
  * @param options Options for getting the key owner.
  * @returns The actor that owns the key, or `null` if the key has no known
  *          owner.
+ * @since 0.7.0
  */
 export async function getKeyOwner(keyId, options) {
+    const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
     const documentLoader = options.documentLoader ?? getDocumentLoader();
     const contextLoader = options.contextLoader ?? getDocumentLoader();
     let object;
@@ -54,6 +57,7 @@ export async function getKeyOwner(keyId, options) {
             object = await ASObject.fromJsonLd(keyDoc, {
                 documentLoader,
                 contextLoader,
+                tracerProvider,
             });
         }
         catch (e) {
@@ -63,6 +67,7 @@ export async function getKeyOwner(keyId, options) {
                 object = await CryptographicKey.fromJsonLd(keyDoc, {
                     documentLoader,
                     contextLoader,
+                    tracerProvider,
                 });
             }
             catch (e) {
@@ -76,7 +81,11 @@ export async function getKeyOwner(keyId, options) {
     if (object instanceof CryptographicKey) {
         if (object.ownerId == null)
             return null;
-        owner = await object.getOwner({ documentLoader, contextLoader });
+        owner = await object.getOwner({
+            documentLoader,
+            contextLoader,
+            tracerProvider,
+        });
     }
     else if (isActor(object)) {
         owner = object;

package/esm/sig/proof.js

@@ -1,9 +1,12 @@
 import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
-import { Activity, Multikey } from "../vocab/vocab.js";
+import { SpanStatusCode, trace } from "@opentelemetry/api";
+import { encodeHex } from "../deps/jsr.io/@std/encoding/1.0.5/hex.js";
 // @ts-ignore: json-canon is not typed
 import serialize from "json-canon";
-import { DataIntegrityProof } from "../vocab/vocab.js";
+import metadata from "../deno.js";
+import { getTypeId } from "../vocab/type.js";
+import { Activity, DataIntegrityProof, Multikey, } from "../vocab/vocab.js";
 import { fetchKey, validateCryptoKey, } from "./key.js";
 const logger = getLogger(["fedify", "sig", "proof"]);
 /**
@@ -67,12 +70,41 @@ export async function createProof(object, privateKey, keyId, { contextLoader, co
  * @since 0.10.0
  */
 export async function signObject(object, privateKey, keyId, options = {}) {
-    const existingProofs = [];
-    for await (const proof of object.getProofs(options)) {
-        existingProofs.push(proof);
-    }
-    const proof = await createProof(object, privateKey, keyId, options);
-    return object.clone({ proofs: [...existingProofs, proof] });
+    const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+    const tracer = tracerProvider.getTracer(metadata.name, metadata.version);
+    return await tracer.startActiveSpan("object_integrity_proofs.sign", {
+        attributes: { "activitypub.object.type": getTypeId(object).href },
+    }, async (span) => {
+        try {
+            if (object.id != null) {
+                span.setAttribute("activitypub.object.id", object.id.href);
+            }
+            const existingProofs = [];
+            for await (const proof of object.getProofs(options)) {
+                existingProofs.push(proof);
+            }
+            const proof = await createProof(object, privateKey, keyId, options);
+            if (span.isRecording()) {
+                if (proof.cryptosuite != null) {
+                    span.setAttribute("object_integrity_proofs.cryptosuite", proof.cryptosuite);
+                }
+                if (proof.verificationMethodId != null) {
+                    span.setAttribute("object_integrity_proofs.key_id", proof.verificationMethodId.href);
+                }
+                if (proof.proofValue != null) {
+                    span.setAttribute("object_integrity_proofs.signature", encodeHex(proof.proofValue));
+                }
+            }
+            return object.clone({ proofs: [...existingProofs, proof] });
+        }
+        catch (error) {
+            span.setStatus({ code: SpanStatusCode.ERROR, message: String(error) });
+            throw error;
+        }
+        finally {
+            span.end();
+        }
+    });
 }
 /**
  * Verifies the given proof for the object.
@@ -85,6 +117,39 @@ export async function signObject(object, privateKey, keyId, options = {}) {
  * @since 0.10.0
  */
 export async function verifyProof(jsonLd, proof, options = {}) {
+    const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+    const tracer = tracerProvider.getTracer(metadata.name, metadata.version);
+    return await tracer.startActiveSpan("object_integrity_proofs.verify", async (span) => {
+        if (span.isRecording()) {
+            if (proof.cryptosuite != null) {
+                span.setAttribute("object_integrity_proofs.cryptosuite", proof.cryptosuite);
+            }
+            if (proof.verificationMethodId != null) {
+                span.setAttribute("object_integrity_proofs.key_id", proof.verificationMethodId.href);
+            }
+            if (proof.proofValue != null) {
+                span.setAttribute("object_integrity_proofs.signature", encodeHex(proof.proofValue));
+            }
+        }
+        try {
+            const key = await verifyProofInternal(jsonLd, proof, options);
+            if (key == null)
+                span.setStatus({ code: SpanStatusCode.ERROR });
+            return key;
+        }
+        catch (error) {
+            span.setStatus({
+                code: SpanStatusCode.ERROR,
+                message: String(error),
+            });
+            throw error;
+        }
+        finally {
+            span.end();
+        }
+    });
+}
+async function verifyProofInternal(jsonLd, proof, options) {
     if (typeof jsonLd !== "object" ||
         proof.cryptosuite !== "eddsa-jcs-2022" ||
         proof.verificationMethodId == null ||

package/esm/vocab/lookup.js

@@ -119,6 +119,7 @@ async function lookupObjectInternal(identifier, options = {}) {
         return await Object.fromJsonLd(document, {
             documentLoader,
             contextLoader: options.contextLoader,
+            tracerProvider: options.tracerProvider,
         });
     }
     catch (error) {