@fedify/fedify 1.6.0-dev.778 → 1.6.0-dev.790

package/esm/sig/http.js

@@ -2,9 +2,10 @@ import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace, } from "@opentelemetry/api";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_URL_FULL, } from "@opentelemetry/semantic-conventions";
-import { equals } from "../deps/jsr.io/@std/bytes/1.0.5/mod.js";
+import { timingSafeEqual } from "../deps/jsr.io/@std/crypto/1.0.4/timing_safe_equal.js";
 import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.7/base64.js";
 import { encodeHex } from "../deps/jsr.io/@std/encoding/1.0.7/hex.js";
+import { decodeDict, encodeItem, Item, } from "structured-field-values";
 import metadata from "../deno.js";
 import { CryptographicKey } from "../vocab/vocab.js";
 import { fetchKey, validateCryptoKey } from "./key.js";
@@ -18,11 +19,22 @@ import { fetchKey, validateCryptoKey } from "./key.js";
  * @throws {TypeError} If the private key is invalid or unsupported.
  */
 export async function signRequest(request, privateKey, keyId, options = {}) {
+    validateCryptoKey(privateKey, "private");
     const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
     const tracer = tracerProvider.getTracer(metadata.name, metadata.version);
     return await tracer.startActiveSpan("http_signatures.sign", async (span) => {
         try {
-            const signed = await signRequestInternal(request, privateKey, keyId, span);
+            // Choose implementation based on spec option
+            const spec = options.spec ?? "draft-cavage-http-signatures-12";
+            let signed;
+            if (spec === "rfc9421") {
+                // Pass through test options if provided
+                signed = await signRequestRfc9421(request, privateKey, keyId, span, options.currentTime);
+            }
+            else {
+                // Default to draft-cavage
+                signed = await signRequestDraft(request, privateKey, keyId, span, options.currentTime);
+            }
             if (span.isRecording()) {
                 span.setAttribute(ATTR_HTTP_REQUEST_METHOD, signed.method);
                 span.setAttribute(ATTR_URL_FULL, signed.url);
@@ -45,14 +57,13 @@ export async function signRequest(request, privateKey, keyId, options = {}) {
         }
     });
 }
-async function signRequestInternal(request, privateKey, keyId, span) {
-    validateCryptoKey(privateKey, "private");
+async function signRequestDraft(request, privateKey, keyId, span, currentTime) {
     if (privateKey.algorithm.name !== "RSASSA-PKCS1-v1_5") {
         throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
     }
     const url = new URL(request.url);
     const body = request.method !== "GET" && request.method !== "HEAD"
-        ? await request.arrayBuffer()
+        ? await request.clone().arrayBuffer()
         : null;
     const headers = new Headers(request.headers);
     if (!headers.has("Host")) {
@@ -66,7 +77,10 @@ async function signRequestInternal(request, privateKey, keyId, span) {
         }
     }
     if (!headers.has("Date")) {
-        headers.set("Date", new Date().toUTCString());
+        headers.set("Date", currentTime == null
+            ? new Date().toUTCString()
+            // FIXME: Do we have any better way to format Temporal.Instant to RFC 9421?
+            : new Date(currentTime.toString()).toUTCString());
     }
     const serialized = [
         ["(request-target)", `${request.method.toLowerCase()} ${url.pathname}`],
@@ -88,6 +102,191 @@ async function signRequestInternal(request, privateKey, keyId, span) {
         body,
     });
 }
+export function formatRfc9421SignatureParameters(params) {
+    return `alg="${params.algorithm}";keyid="${params.keyId.href}";created=${params.created}`;
+}
+/**
+ * Creates a signature base for a request according to RFC 9421.
+ * @param request The request to create a signature base for.
+ * @param components The components to include in the signature base.
+ * @param parameters The signature parameters to include in the signature base.
+ * @returns The signature base as a string.
+ */
+export function createRfc9421SignatureBase(request, components, parameters) {
+    const url = new URL(request.url);
+    // Build the base string
+    const baseComponents = [];
+    for (const component of components) {
+        let value;
+        // Process special derived components
+        if (component === "@method") {
+            value = request.method.toUpperCase();
+        }
+        else if (component === "@target-uri") {
+            value = request.url;
+        }
+        else if (component === "@authority") {
+            value = url.host;
+        }
+        else if (component === "@scheme") {
+            value = url.protocol.slice(0, -1); // Remove the trailing ':'
+        }
+        else if (component === "@request-target") {
+            value = `${request.method.toLowerCase()} ${url.pathname}${url.search}`;
+        }
+        else if (component === "@path") {
+            value = url.pathname;
+        }
+        else if (component === "@query") {
+            value = url.search.startsWith("?") ? url.search.slice(1) : url.search;
+        }
+        else if (component === "@query-param") {
+            throw new Error("@query-param requires a parameter name");
+        }
+        else if (component === "@status") {
+            throw new Error("@status is only valid for responses");
+        }
+        else if (component.startsWith("@")) {
+            throw new Error(`Unsupported derived component: ${component}`);
+        }
+        else {
+            // Regular header
+            value = request.headers.get(component) || "";
+        }
+        // Format the component as per RFC 9421 Section 2.1
+        baseComponents.push(`"${component}": ${value}`);
+    }
+    // Add the signature parameters component at the end
+    const sigComponents = components.map((c) => `"${c}"`).join(" ");
+    baseComponents.push(`"@signature-params": (${sigComponents});${parameters}`);
+    return baseComponents.join("\n");
+}
+/**
+ * Formats a signature using rfc9421 format.
+ * @param signature The raw signature bytes.
+ * @param components The components that were signed.
+ * @param parameters The signature parameters.
+ * @returns The formatted signature string.
+ */
+export function formatRfc9421Signature(signature, components, parameters) {
+    const signatureInputValue = `sig1=("${components.join('" "')}");${parameters}`;
+    const signatureValue = `sig1=:${encodeBase64(signature)}:`;
+    return [signatureInputValue, signatureValue];
+}
+/**
+ * Parse RFC 9421 Signature-Input header.
+ * @param signatureInput The Signature-Input header value.
+ * @returns Parsed signature input parameters.
+ */
+export function parseRfc9421SignatureInput(signatureInput) {
+    let dict;
+    try {
+        dict = decodeDict(signatureInput);
+    }
+    catch (error) {
+        getLogger(["fedify", "sig", "http"]).debug("Failed to parse Signature-Input header: {signatureInput}", { signatureInput, error });
+        return {};
+    }
+    const result = {};
+    for (const [label, item] of Object.entries(dict)) {
+        if (!Array.isArray(item.value) ||
+            typeof item.params.keyid !== "string" ||
+            typeof item.params.created !== "number")
+            continue;
+        const components = item.value
+            .map((subitem) => subitem.value)
+            .filter((v) => typeof v === "string");
+        const params = encodeItem(new Item(0, item.params));
+        result[label] = {
+            keyId: item.params.keyid,
+            alg: item.params.alg,
+            created: item.params.created,
+            components,
+            parameters: params.slice(params.indexOf(";") + 1),
+        };
+    }
+    return result;
+}
+/**
+ * Parse RFC 9421 Signature header.
+ * @param signature The Signature header value.
+ * @returns Parsed signature values.
+ */
+export function parseRfc9421Signature(signature) {
+    let dict;
+    try {
+        dict = decodeDict(signature);
+    }
+    catch (error) {
+        getLogger(["fedify", "sig", "http"]).debug("Failed to parse Signature header: {signature}", { signature, error });
+        return {};
+    }
+    const result = {};
+    for (const [key, value] of Object.entries(dict)) {
+        if (value.value instanceof Uint8Array) {
+            result[key] = value.value;
+        }
+    }
+    return result;
+}
+async function signRequestRfc9421(request, privateKey, keyId, span, currentTime) {
+    if (privateKey.algorithm.name !== "RSASSA-PKCS1-v1_5") {
+        throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
+    }
+    const url = new URL(request.url);
+    const body = request.method !== "GET" && request.method !== "HEAD"
+        ? await request.clone().arrayBuffer()
+        : null;
+    const headers = new Headers(request.headers);
+    if (!headers.has("Host")) {
+        headers.set("Host", url.host);
+    }
+    if (!headers.has("Content-Digest") && body != null) {
+        // RFC 9421 uses Content-Digest instead of Digest
+        const digest = await dntShim.crypto.subtle.digest("SHA-256", body);
+        headers.set("Content-Digest", `sha-256=:${encodeBase64(digest)}:`);
+        if (span.isRecording()) {
+            span.setAttribute("http_signatures.digest.sha-256", encodeHex(digest));
+        }
+    }
+    // Use provided timestamp or current time
+    const created = (currentTime ?? dntShim.Temporal.Now.instant()).epochMilliseconds /
+        1000;
+    // Define components to include in the signature
+    const components = [
+        "@method",
+        "@target-uri",
+        "@authority",
+        "host",
+        "date",
+    ];
+    if (body != null) {
+        components.push("content-digest");
+    }
+    // Generate the signature base using the headers
+    const signatureParams = formatRfc9421SignatureParameters({
+        algorithm: "rsa-v1_5-sha256",
+        keyId,
+        created,
+    });
+    const signatureBase = createRfc9421SignatureBase(new Request(request.url, {
+        method: request.method,
+        headers,
+    }), components, signatureParams);
+    // Sign the signature base
+    const signatureBytes = await dntShim.crypto.subtle.sign("RSASSA-PKCS1-v1_5", privateKey, new TextEncoder().encode(signatureBase));
+    // Format the signature according to RFC 9421
+    const [signatureInput, signature] = formatRfc9421Signature(signatureBytes, components, signatureParams);
+    // Add the signature headers
+    headers.set("Signature-Input", signatureInput);
+    headers.set("Signature", signature);
+    if (span.isRecording()) {
+        span.setAttribute("http_signatures.algorithm", "rsa-v1_5-sha256");
+        span.setAttribute("http_signatures.signature", encodeHex(signatureBytes));
+        span.setAttribute("http_signatures.created", created.toString());
+    }
+    return new Request(request, { headers, body });
+}
 const supportedHashAlgorithms = {
     "sha": "SHA-1",
     "sha-256": "SHA-256",
@@ -118,7 +317,20 @@ export async function verifyRequest(request, options = {}) {
             }
         }
         try {
-            const key = await verifyRequestInternal(request, span, options);
+            // Choose implementation based on spec option
+            let spec = options.spec;
+            if (spec == null) {
+                spec = request.headers.has("Signature-Input")
+                    ? "rfc9421"
+                    : "draft-cavage-http-signatures-12";
+            }
+            let key;
+            if (spec === "rfc9421") {
+                key = await verifyRequestRfc9421(request, span, options);
+            }
+            else {
+                key = await verifyRequestDraft(request, span, options);
+            }
             if (key == null)
                 span.setStatus({ code: SpanStatusCode.ERROR });
             return key;
@@ -135,7 +347,7 @@ export async function verifyRequest(request, options = {}) {
         }
     });
 }
-async function verifyRequestInternal(request, span, { documentLoader, contextLoader, timeWindow, currentTime, keyCache, tracerProvider, } = {}) {
+async function verifyRequestDraft(request, span, { documentLoader, contextLoader, timeWindow, currentTime, keyCache, tracerProvider, } = {}) {
     const logger = getLogger(["fedify", "sig", "http"]);
     if (request.bodyUsed) {
         logger.error("Failed to verify; the request body is already consumed.", { url: request.url });
@@ -187,7 +399,7 @@ async function verifyRequestInternal(request, span, { documentLoader, contextLoa
                 span.setAttribute(`http_signatures.digest.${algo}`, encodeHex(digest));
             }
             const expectedDigest = await dntShim.crypto.subtle.digest(supportedHashAlgorithms[algo], body);
-            if (!equals(digest, new Uint8Array(expectedDigest))) {
+            if (!timingSafeEqual(digest, new Uint8Array(expectedDigest))) {
                 logger.debug("Failed to verify; digest mismatch ({algorithm}): " +
                     "{digest} != {expectedDigest}.", {
                     algorithm: algo,
@@ -290,3 +502,310 @@ async function verifyRequestInternal(request, span, { documentLoader, contextLoa
     }
     return key;
 }
+/**
+ * RFC 9421 map of algorithm identifiers to WebCrypto algorithms
+ */
+const rfc9421AlgorithmMap = {
+    "rsa-v1_5-sha256": { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+    "rsa-v1_5-sha512": { name: "RSASSA-PKCS1-v1_5", hash: "SHA-512" },
+    "rsa-pss-sha512": { name: "RSA-PSS", hash: "SHA-512" },
+    "ecdsa-p256-sha256": { name: "ECDSA", hash: "SHA-256" },
+    "ecdsa-p384-sha384": { name: "ECDSA", hash: "SHA-384" },
+    "ed25519": { name: "Ed25519" },
+};
+/**
+ * Verifies a Content-Digest header according to RFC 9421.
+ * @param digestHeader The Content-Digest header value.
+ * @param body The message body to verify against.
+ * @returns Whether the digest is valid.
+ */
+async function verifyRfc9421ContentDigest(digestHeader, body) {
+    const digests = digestHeader.split(",").map((pair) => {
+        pair = pair.trim();
+        const pos = pair.indexOf("=");
+        const algo = pos < 0 ? pair : pair.slice(0, pos);
+        const value = pos < 0 ? "" : pair.slice(pos + 1);
+        return { algo: algo.trim().toLowerCase(), value: value.trim() };
+    });
+    for (const { algo, value } of digests) {
+        // Extract hash algorithm
+        let hashAlgo;
+        if (algo === "sha-256") {
+            hashAlgo = "SHA-256";
+        }
+        else if (algo === "sha-512") {
+            hashAlgo = "SHA-512";
+        }
+        else {
+            // Unsupported algorithm
+            continue;
+        }
+        // Process RFC 9421 format: sha-256=:base64value:
+        const base64Match = value.match(/^:([^:]+):$/);
+        if (!base64Match)
+            continue;
+        let digest;
+        try {
+            digest = decodeBase64(base64Match[1]);
+        }
+        catch {
+            // Invalid base64 encoding
+            continue;
+        }
+        // Calculate and compare digests
+        const calculatedDigest = await dntShim.crypto.subtle.digest(hashAlgo, body);
+        if (timingSafeEqual(digest, new Uint8Array(calculatedDigest))) {
+            return true;
+        }
+    }
+    return false;
+}
+async function verifyRequestRfc9421(request, span, { documentLoader, contextLoader, timeWindow, currentTime, keyCache, tracerProvider, } = {}) {
+    const logger = getLogger(["fedify", "sig", "http"]);
+    if (request.bodyUsed) {
+        logger.error("Failed to verify; the request body is already consumed.", { url: request.url });
+        return null;
+    }
+    else if (request.body?.locked) {
+        logger.error("Failed to verify; the request body is locked.", { url: request.url });
+        return null;
+    }
+    const originalRequest = request;
+    request = request.clone();
+    // Check for required headers
+    const signatureInputHeader = request.headers.get("Signature-Input");
+    if (!signatureInputHeader) {
+        logger.debug("Failed to verify; no Signature-Input header found.", { headers: Object.fromEntries(request.headers.entries()) });
+        return null;
+    }
+    const signatureHeader = request.headers.get("Signature");
+    if (!signatureHeader) {
+        logger.debug("Failed to verify; no Signature header found.", { headers: Object.fromEntries(request.headers.entries()) });
+        return null;
+    }
+    // Parse the Signature-Input and Signature headers
+    const signatureInputs = parseRfc9421SignatureInput(signatureInputHeader);
+    logger.debug("Parsed Signature-Input header: {signatureInputs}", { signatureInputs });
+    const signatures = parseRfc9421Signature(signatureHeader);
+    // Check if we have at least one signature to verify
+    const signatureNames = Object.keys(signatureInputs);
+    if (signatureNames.length === 0) {
+        logger.debug("Failed to verify; no valid signatures found in Signature-Input header.", { header: signatureInputHeader });
+        return null;
+    }
+    // Verify the first signature we can find
+    // In practice, we could implement signature selection logic here
+    let validKey = null;
+    for (const sigName of signatureNames) {
+        // Skip if we don't have the signature bytes
+        if (!signatures[sigName]) {
+            continue;
+        }
+        const sigInput = signatureInputs[sigName];
+        const sigBytes = signatures[sigName];
+        // Validate signature input parameters
+        if (!sigInput.keyId) {
+            logger.debug("Failed to verify; missing keyId in signature {signatureName}.", { signatureName: sigName, signatureInput: signatureInputHeader });
+            continue;
+        }
+        if (!sigInput.created) {
+            logger.debug("Failed to verify; missing created timestamp in signature {signatureName}.", { signatureName: sigName, signatureInput: signatureInputHeader });
+            continue;
+        }
+        // Check timestamp validity
+        const signatureCreated = dntShim.Temporal.Instant.fromEpochMilliseconds(sigInput.created * 1000);
+        const now = currentTime ?? dntShim.Temporal.Now.instant();
+        if (timeWindow !== false) {
+            const tw = timeWindow ??
+                { hours: 1 };
+            if (dntShim.Temporal.Instant.compare(signatureCreated, now.add(tw)) > 0) {
+                logger.debug("Failed to verify; signature created time is too far in the future.", { created: signatureCreated.toString(), now: now.toString() });
+                continue;
+            }
+            else if (dntShim.Temporal.Instant.compare(signatureCreated, now.subtract(tw)) < 0) {
+                logger.debug("Failed to verify; signature created time is too far in the past.", { created: signatureCreated.toString(), now: now.toString() });
+                continue;
+            }
+        }
+        // Verify Content-Digest if present and required
+        if (request.method !== "GET" &&
+            request.method !== "HEAD" &&
+            sigInput.components.includes("content-digest")) {
+            const contentDigestHeader = request.headers.get("Content-Digest");
+            if (!contentDigestHeader) {
+                logger.debug("Failed to verify; Content-Digest header required but not found.", { components: sigInput.components });
+                continue;
+            }
+            const body = await request.arrayBuffer();
+            const digestValid = await verifyRfc9421ContentDigest(contentDigestHeader, body);
+            if (!digestValid) {
+                logger.debug("Failed to verify; Content-Digest verification failed.", { contentDigest: contentDigestHeader });
+                continue;
+            }
+        }
+        // Fetch the public key
+        span?.setAttribute("http_signatures.key_id", sigInput.keyId);
+        span?.setAttribute("http_signatures.created", sigInput.created.toString());
+        const { key, cached } = await fetchKey(new URL(sigInput.keyId), CryptographicKey, {
+            documentLoader,
+            contextLoader,
+            keyCache,
+            tracerProvider,
+        });
+        if (!key) {
+            logger.debug("Failed to fetch key: {keyId}", { keyId: sigInput.keyId });
+            continue;
+        }
+        // Map algorithm name to WebCrypto algorithm
+        let alg = sigInput.alg?.toLowerCase();
+        if (alg == null) {
+            if (key.publicKey.algorithm.name === "RSASSA-PKCS1-v1_5") {
+                alg = "hash" in key.publicKey.algorithm
+                    ? (key.publicKey.algorithm.hash === "SHA-512"
+                        ? "rsa-v1_5-sha512"
+                        : "rsa-v1_5-sha256")
+                    : "rsa-v1_5-sha256";
+            }
+            else if (key.publicKey.algorithm.name === "RSA-PSS") {
+                alg = "rsa-pss-sha512";
+            }
+            else if (key.publicKey.algorithm.name === "ECDSA") {
+                alg = "namedCurve" in key.publicKey.algorithm &&
+                    key.publicKey.algorithm.namedCurve === "P-256"
+                    ? "ecdsa-p256-sha256"
+                    : "ecdsa-p384-sha384";
+            }
+            else if (key.publicKey.algorithm.name === "Ed25519") {
+                alg = "ed25519";
+            }
+        }
+        if (alg)
+            span?.setAttribute("http_signatures.algorithm", alg);
+        const algorithm = alg && rfc9421AlgorithmMap[alg];
+        if (!algorithm) {
+            logger.debug("Failed to verify; unsupported algorithm: {algorithm}", {
+                algorithm: sigInput.alg,
+                supported: Object.keys(rfc9421AlgorithmMap),
+            });
+            continue;
+        }
+        // Rebuild the signature base for verification
+        const signatureBase = createRfc9421SignatureBase(request, sigInput.components, sigInput.parameters);
+        const signatureBaseBytes = new TextEncoder().encode(signatureBase);
+        // Verify the signature
+        span?.setAttribute("http_signatures.signature", encodeHex(sigBytes));
+        try {
+            const verified = await dntShim.crypto.subtle.verify(algorithm, key.publicKey, sigBytes, signatureBaseBytes);
+            if (verified) {
+                validKey = key;
+                break;
+            }
+            else if (cached) {
+                // If we used a cached key and verification failed, try fetching fresh key
+                logger.debug("Failed to verify with cached key {keyId}; retrying with fresh key...", { keyId: sigInput.keyId });
+                return await verifyRequest(originalRequest, {
+                    documentLoader,
+                    contextLoader,
+                    timeWindow,
+                    currentTime,
+                    keyCache: {
+                        get: () => Promise.resolve(undefined),
+                        set: async (keyId, key) => await keyCache?.set(keyId, key),
+                    },
+                    spec: "rfc9421",
+                });
+            }
+            else {
+                logger.debug("Failed to verify signature with fetched key {keyId}; signature invalid.", { keyId: sigInput.keyId, signatureBase });
+            }
+        }
+        catch (error) {
+            logger.debug("Error during signature verification: {error}", { error, keyId: sigInput.keyId, algorithm: sigInput.alg });
+        }
+    }
+    return validKey;
+}
+/**
+ * Performs a double-knock request to the given URL.  For the details of
+ * double-knocking, see
+ * <https://swicg.github.io/activitypub-http-signature/#how-to-upgrade-supported-versions>.
+ * @param request The request to send.
+ * @param identity The identity to use for signing the request.
+ * @param options The options for double-knock requests.
+ * @returns The response to the request.
+ * @since 1.6.0
+ */
+export async function doubleKnock(request, identity, options = {}) {
+    const { specDeterminer, log, tracerProvider } = options;
+    const origin = new URL(request.url).origin;
+    const firstTrySpec = specDeterminer == null
+        ? "rfc9421"
+        : await specDeterminer.determineSpec(origin);
+    let signedRequest = await signRequest(request, identity.privateKey, identity.keyId, { spec: firstTrySpec, tracerProvider });
+    log?.(signedRequest);
+    let response = await fetch(signedRequest, {
+        // Since Bun has a bug that ignores the `Request.redirect` option,
+        // to work around it we specify `redirect: "manual"` here too:
+        // https://github.com/oven-sh/bun/issues/10754
+        redirect: "manual",
+    });
+    // Follow redirects manually to get the final URL:
+    if (response.status >= 300 && response.status < 400 &&
+        response.headers.has("Location")) {
+        const location = response.headers.get("Location");
+        const body = request.method !== "GET" && request.method !== "HEAD"
+            ? await request.clone().arrayBuffer()
+            : undefined;
+        return doubleKnock(new Request(location, {
+            method: request.method,
+            headers: request.headers,
+            body,
+            redirect: "manual",
+            signal: request.signal,
+            mode: request.mode,
+            credentials: request.credentials,
+            referrer: request.referrer,
+            referrerPolicy: request.referrerPolicy,
+            integrity: request.integrity,
+            keepalive: request.keepalive,
+        }), identity, options);
+    }
+    else if (response.status === 400 || response.status === 401) {
+        // verification failed; retry with the other spec of HTTP Signatures
+        // (double-knocking; see https://swicg.github.io/activitypub-http-signature/#how-to-upgrade-supported-versions)
+        const spec = firstTrySpec === "draft-cavage-http-signatures-12"
+            ? "rfc9421"
+            : "draft-cavage-http-signatures-12";
+        getLogger(["fedify", "sig", "http"]).debug("Failed to verify with the spec {spec} ({status} {statusText}); retrying with spec {secondSpec}... (double-knocking)", {
+            spec: firstTrySpec,
+            secondSpec: spec,
+            status: response.status,
+            statusText: response.statusText,
+        });
+        signedRequest = await signRequest(request, identity.privateKey, identity.keyId, { spec, tracerProvider });
+        log?.(signedRequest);
+        response = await fetch(signedRequest, {
+            // Since Bun has a bug that ignores the `Request.redirect` option,
+            // to work around it we specify `redirect: "manual"` here too:
+            // https://github.com/oven-sh/bun/issues/10754
+            redirect: "manual",
+        });
+        // Follow redirects manually to get the final URL:
+        if (response.status >= 300 && response.status < 400 &&
+            response.headers.has("Location")) {
+            const location = response.headers.get("Location");
+            const body = request.method !== "GET" && request.method !== "HEAD"
+                ? request.clone().body
+                : null;
+            return doubleKnock(new Request(location, { ...request, body }), identity, options);
+        }
+        else if (response.status !== 400 && response.status !== 401) {
+            await specDeterminer?.rememberSpec(origin, spec);
+        }
+    }
+    else {
+        await specDeterminer?.rememberSpec(origin, firstTrySpec);
+    }
+    return response;
+}
+// cSpell: ignore keyid

package/esm/sig/key.js

@@ -70,7 +70,10 @@ export function generateCryptoKeyPair(algorithm) {
  */
 export async function exportJwk(key) {
     validateCryptoKey(key);
-    return await dntShim.crypto.subtle.exportKey("jwk", key);
+    const jwk = await dntShim.crypto.subtle.exportKey("jwk", key);
+    if (jwk.crv === "Ed25519")
+        jwk.alg = "Ed25519";
+    return jwk;
 }
 /**
  * Imports a key from JWK format.

package/esm/testing/fixtures/remote.domain/users/bob

@@ -0,0 +1,20 @@
+{
+  "@context": [
+    "https://www.w3.org/ns/activitystreams",
+    "https://w3id.org/security/v1",
+    "https://w3id.org/security/multikey/v1",
+    "https://w3id.org/security/data-integrity/v1",
+    "https://www.w3.org/ns/did/v1"
+  ],
+  "id": "https://remote.domain/users/bob",
+  "type": "Person",
+  "name": "Bob",
+  "publicKey": [
+    {
+      "id": "https://remote.domain/users/bob#main-key",
+      "type": "CryptographicKey",
+      "owner": "https://remote.domain/users/bob",
+      "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIAYvNFGbZ5g4iiK6feS\ndXD4bDStFM58A7tHycYXaYtzZQpIeHXAmaXuZzXIwtrP4N0gIk8JNwZvXj2UPS+S\n07t0V9wNK94he01LV5EMz/GN4eNnFmDL64HIEuKLvV8TvgjbUPRD6Y5X0UpKi2ZI\nFLSb96Q5w0Z/k7ntpVKV52y8kz5Fjr/O/0JuHryZe0yItzJh8kzFfeMf0EXzfSna\nKvT7P9jhgC6uTre+jXyvVZjiHDrnqvvucdI3I7DRfXo1OqARBrLjy+TdseUAjNYJ\n+OuPRI1URIWQI01DCHqcohVu9+Ar+BiCjFp3ua+XMuJvrvbD61d1Fvig/9nbBRR+\n8QIDAQAB\n-----END PUBLIC KEY-----\n"
+    }
+  ]
+}