@fedify/fedify 2.1.0-dev.408 → 2.1.0-dev.418

package/dist/{key-Cw2GXzkv.js → key-BqMOdwtv.js}

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default } from "./deno-D_VnPW-Y.js";
+import { deno_default } from "./deno-RllegzSG.js";
 import { getLogger } from "@logtape/logtape";
 import { CryptographicKey, Object as Object$1, isActor } from "@fedify/vocab";
 import { getDocumentLoader } from "@fedify/vocab-runtime";

package/dist/{kv-cache-K6GW8-uS.js → kv-cache-DjYerrCe.js}

@@ -2,7 +2,7 @@
           import { Temporal } from "@js-temporal/polyfill";
           import { URLPattern } from "urlpattern-polyfill";
         
-import { doubleKnock, validateCryptoKey } from "./http-C3oMHumD.js";
+import { doubleKnock, validateCryptoKey } from "./http-BNiAwNU-.js";
 import { getLogger } from "@logtape/logtape";
 import { curry } from "es-toolkit";
 import { UrlError, createActivityPubRequest, getRemoteDocument, logRequest, preloadedContexts, validatePublicUrl } from "@fedify/vocab-runtime";

package/dist/{kv-cache-YG3yAJRb.cjs → kv-cache-zyDjqzjm.cjs}

@@ -3,7 +3,7 @@
           const { URLPattern } = require("urlpattern-polyfill");
         
 const require_chunk = require('./chunk-CGaQZ11T.cjs');
-const require_http = require('./http-B-epypwc.cjs');
+const require_http = require('./http-Due1pojF.cjs');
 const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
 const es_toolkit = require_chunk.__toESM(require("es-toolkit"));
 const __fedify_vocab_runtime = require_chunk.__toESM(require("@fedify/vocab-runtime"));

package/dist/{ld-D4-RbyP8.js → ld-BMgYSVTZ.js}

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default } from "./deno-D_VnPW-Y.js";
-import { fetchKey, validateCryptoKey } from "./key-Cw2GXzkv.js";
+import { deno_default } from "./deno-RllegzSG.js";
+import { fetchKey, validateCryptoKey } from "./key-BqMOdwtv.js";
 import { getLogger } from "@logtape/logtape";
 import { Activity, CryptographicKey, Object as Object$1, getTypeId } from "@fedify/vocab";
 import { getDocumentLoader } from "@fedify/vocab-runtime";

package/dist/{middleware-CVGms5AS.js → middleware-B2L4AM_o.js}

@@ -3,24 +3,24 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import "./deno-D_VnPW-Y.js";
-import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "./middleware-Co3x1vLV.js";
+import "./deno-RllegzSG.js";
+import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "./middleware-CpOJCVxU.js";
 import "./client-Dg7OfUDA.js";
 import "./router-D9eI0s4b.js";
 import "./types-CPz01LGH.js";
-import "./key-Cw2GXzkv.js";
-import "./http-CFILUWFj.js";
-import "./ld-D4-RbyP8.js";
-import "./owner-BJOuHY_S.js";
-import "./proof-VvmjtuyP.js";
-import "./docloader-D7xSU1xb.js";
+import "./key-BqMOdwtv.js";
+import "./http-Cvsk5Skd.js";
+import "./ld-BMgYSVTZ.js";
+import "./owner-rwfm7c6o.js";
+import "./proof-CV9ObID1.js";
+import "./docloader-Bue7Ij3R.js";
 import "./kv-cache-B__dHl7g.js";
-import "./inbox-FsU-ifET.js";
-import "./builder-DqJQtxW4.js";
+import "./inbox-CYce8kRg.js";
+import "./builder-Dr8wJfzL.js";
 import "./collection-CcnIw1qY.js";
 import "./keycache-DRxpZ5r9.js";
 import "./negotiation-5NPJL6zp.js";
 import "./retry-D4GJ670a.js";
-import "./send-DYC2LvJZ.js";
+import "./send-BUsEdmU0.js";
 
 export { FederationImpl };

package/dist/middleware-BFRIkXyv.cjs

@@ -0,0 +1,12 @@
+
+          const { Temporal } = require("@js-temporal/polyfill");
+          const { URLPattern } = require("urlpattern-polyfill");
+        
+require('./transformers-3g8GZwkZ.cjs');
+require('./http-Due1pojF.cjs');
+const require_middleware = require('./middleware-CfgAMF_j.cjs');
+require('./proof-CVHxb_s9.cjs');
+require('./types-Cd_hszr_.cjs');
+require('./kv-cache-zyDjqzjm.cjs');
+
+exports.FederationImpl = require_middleware.FederationImpl;

package/dist/{middleware-ByN4qQt0.js → middleware-BQ3c3mRY.js}

@@ -3,10 +3,10 @@
           import { URLPattern } from "urlpattern-polyfill";
         
 import { getDefaultActivityTransformers } from "./transformers-C3FLHUd6.js";
-import { deno_default, doubleKnock, exportJwk, importJwk, validateCryptoKey, verifyRequest } from "./http-C3oMHumD.js";
-import { detachSignature, doesActorOwnKey, getKeyOwner, hasSignature, signJsonLd, signObject, verifyJsonLd, verifyObject } from "./proof-BNcJ_Sa_.js";
+import { deno_default, doubleKnock, exportJwk, importJwk, validateCryptoKey, verifyRequest } from "./http-BNiAwNU-.js";
+import { detachSignature, doesActorOwnKey, getKeyOwner, hasSignature, signJsonLd, signObject, verifyJsonLd, verifyObject } from "./proof-BSXD3gxs.js";
 import { getNodeInfo, nodeInfoToJson } from "./types-C93Ob9cU.js";
-import { getAuthenticatedDocumentLoader, kvCache } from "./kv-cache-K6GW8-uS.js";
+import { getAuthenticatedDocumentLoader, kvCache } from "./kv-cache-DjYerrCe.js";
 import { getLogger, withContext } from "@logtape/logtape";
 import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, getTypeId, lookupObject, traverseCollection } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
@@ -15,7 +15,7 @@ import { Router } from "uri-template-router";
 import { parseTemplate } from "url-template";
 import { encodeHex } from "byte-encodings/hex";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_HTTP_RESPONSE_HEADER, ATTR_HTTP_RESPONSE_STATUS_CODE, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
-import { getDocumentLoader } from "@fedify/vocab-runtime";
+import { FetchError, getDocumentLoader } from "@fedify/vocab-runtime";
 import { lookupWebFinger } from "@fedify/webfinger";
 import { domainToASCII } from "node:url";
 
@@ -338,7 +338,7 @@ var FederationBuilderImpl = class {
 		this.collectionTypeIds = {};
 	}
 	async build(options) {
-		const { FederationImpl: FederationImpl$1 } = await import("./middleware-D_wNj9p6.js");
+		const { FederationImpl: FederationImpl$1 } = await import("./middleware-CgEEF8s6.js");
 		const f = new FederationImpl$1(options);
 		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
 		f.router = this.router.clone();
@@ -993,25 +993,7 @@ async function handleActor(request, { identifier, context: context$1, actorDispa
 		return await onNotFound(request);
 	}
 	if (authorizePredicate != null) {
-		let key = await context$1.getSignedKey();
-		key = key?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"actor"
-			],
-			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-		} }) ?? null;
-		let keyOwner = await context$1.getSignedKeyOwner();
-		keyOwner = keyOwner?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"actor"
-			],
-			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-		} }) ?? null;
-		if (!await authorizePredicate(context$1, identifier, key, keyOwner)) return await onUnauthorized(request);
+		if (!await authorizePredicate(context$1, identifier)) return await onUnauthorized(request);
 	}
 	const jsonLd = await actor.toJsonLd(context$1);
 	return new Response(JSON.stringify(jsonLd), { headers: {
@@ -1031,25 +1013,7 @@ async function handleObject(request, { values, context: context$1, objectDispatc
 	const object = await objectDispatcher(context$1, values);
 	if (object == null) return await onNotFound(request);
 	if (authorizePredicate != null) {
-		let key = await context$1.getSignedKey();
-		key = key?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"object"
-			],
-			message: "The third parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-		} }) ?? null;
-		let keyOwner = await context$1.getSignedKeyOwner();
-		keyOwner = keyOwner?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"object"
-			],
-			message: "The fourth parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-		} }) ?? null;
-		if (!await authorizePredicate(context$1, values, key, keyOwner)) return await onUnauthorized(request);
+		if (!await authorizePredicate(context$1, values)) return await onUnauthorized(request);
 	}
 	const jsonLd = await object.toJsonLd(context$1);
 	return new Response(JSON.stringify(jsonLd), { headers: {
@@ -1181,25 +1145,7 @@ async function handleCollection(request, { name, identifier, uriGetter, filter,
 		});
 	}
 	if (collectionCallbacks.authorizePredicate != null) {
-		let key = await context$1.getSignedKey();
-		key = key?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"collection"
-			],
-			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-		} }) ?? null;
-		let keyOwner = await context$1.getSignedKeyOwner();
-		keyOwner = keyOwner?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"collection"
-			],
-			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-		} }) ?? null;
-		if (!await collectionCallbacks.authorizePredicate(context$1, identifier, key, keyOwner)) return await onUnauthorized(request);
+		if (!await collectionCallbacks.authorizePredicate(context$1, identifier)) return await onUnauthorized(request);
 	}
 	const jsonLd = await collection.toJsonLd(context$1);
 	return new Response(JSON.stringify(jsonLd), { headers: {
@@ -1850,28 +1796,7 @@ const verifyDefined = (callbacks) => {
 */
 const authIfNeeded = async (context$1, values, { authorizePredicate: authorize = void 0 }) => {
 	if (authorize === void 0) return;
-	const key = (await context$1.getSignedKey())?.clone({}, warning.key) ?? null;
-	const keyOwner = (await context$1.getSignedKeyOwner())?.clone({}, warning.keyOwner) ?? null;
-	if (!await authorize(context$1, values, key, keyOwner)) throw new UnauthorizedError();
-};
-/** Warning messages for `authIfNeeded`. */
-const warning = {
-	key: { $warning: {
-		category: [
-			"fedify",
-			"federation",
-			"collection"
-		],
-		message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-	} },
-	keyOwner: { $warning: {
-		category: [
-			"fedify",
-			"federation",
-			"collection"
-		],
-		message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-	} }
+	if (!await authorize(context$1, values)) throw new UnauthorizedError();
 };
 /**
 * Appends a cursor parameter to a URL if the cursor exists.
@@ -3955,11 +3880,27 @@ var RequestContextImpl = class RequestContextImpl extends ContextImpl {
 		if (this.#signedKeyOwner != null) return this.#signedKeyOwner;
 		const key = await this.getSignedKey(options);
 		if (key == null) return this.#signedKeyOwner = null;
-		return this.#signedKeyOwner = await getKeyOwner(key, {
-			contextLoader: options.contextLoader ?? this.contextLoader,
-			documentLoader: options.documentLoader ?? this.documentLoader,
-			tracerProvider: options.tracerProvider ?? this.tracerProvider
-		});
+		try {
+			return this.#signedKeyOwner = await getKeyOwner(key, {
+				contextLoader: options.contextLoader ?? this.contextLoader,
+				documentLoader: options.documentLoader ?? this.documentLoader,
+				tracerProvider: options.tracerProvider ?? this.tracerProvider
+			});
+		} catch (error) {
+			if (error instanceof FetchError) {
+				getLogger([
+					"fedify",
+					"federation",
+					"actor"
+				]).warn("Failed to fetch the key owner {keyOwner} of {keyId} while verifying the request signature; treating the request as unauthenticated: {error}", {
+					keyId: key.id?.href,
+					keyOwner: error.url.href,
+					error
+				});
+				return this.#signedKeyOwner = null;
+			}
+			throw error;
+		}
 	}
 };
 var InboxContextImpl = class InboxContextImpl extends ContextImpl {

package/dist/{middleware-CzNcdhiV.cjs → middleware-CfgAMF_j.cjs}

@@ -4,10 +4,10 @@
         
 const require_chunk = require('./chunk-CGaQZ11T.cjs');
 const require_transformers = require('./transformers-3g8GZwkZ.cjs');
-const require_http = require('./http-B-epypwc.cjs');
-const require_proof = require('./proof-BmYdRz_f.cjs');
+const require_http = require('./http-Due1pojF.cjs');
+const require_proof = require('./proof-CVHxb_s9.cjs');
 const require_types = require('./types-Cd_hszr_.cjs');
-const require_kv_cache = require('./kv-cache-YG3yAJRb.cjs');
+const require_kv_cache = require('./kv-cache-zyDjqzjm.cjs');
 const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
 const __fedify_vocab = require_chunk.__toESM(require("@fedify/vocab"));
 const __opentelemetry_api = require_chunk.__toESM(require("@opentelemetry/api"));
@@ -339,7 +339,7 @@ var FederationBuilderImpl = class {
 		this.collectionTypeIds = {};
 	}
 	async build(options) {
-		const { FederationImpl: FederationImpl$1 } = await Promise.resolve().then(() => require("./middleware-DWhDjC7Z.cjs"));
+		const { FederationImpl: FederationImpl$1 } = await Promise.resolve().then(() => require("./middleware-BFRIkXyv.cjs"));
 		const f = new FederationImpl$1(options);
 		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
 		f.router = this.router.clone();
@@ -994,25 +994,7 @@ async function handleActor(request, { identifier, context: context$2, actorDispa
 		return await onNotFound(request);
 	}
 	if (authorizePredicate != null) {
-		let key = await context$2.getSignedKey();
-		key = key?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"actor"
-			],
-			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-		} }) ?? null;
-		let keyOwner = await context$2.getSignedKeyOwner();
-		keyOwner = keyOwner?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"actor"
-			],
-			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-		} }) ?? null;
-		if (!await authorizePredicate(context$2, identifier, key, keyOwner)) return await onUnauthorized(request);
+		if (!await authorizePredicate(context$2, identifier)) return await onUnauthorized(request);
 	}
 	const jsonLd = await actor.toJsonLd(context$2);
 	return new Response(JSON.stringify(jsonLd), { headers: {
@@ -1032,25 +1014,7 @@ async function handleObject(request, { values, context: context$2, objectDispatc
 	const object = await objectDispatcher(context$2, values);
 	if (object == null) return await onNotFound(request);
 	if (authorizePredicate != null) {
-		let key = await context$2.getSignedKey();
-		key = key?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"object"
-			],
-			message: "The third parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-		} }) ?? null;
-		let keyOwner = await context$2.getSignedKeyOwner();
-		keyOwner = keyOwner?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"object"
-			],
-			message: "The fourth parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-		} }) ?? null;
-		if (!await authorizePredicate(context$2, values, key, keyOwner)) return await onUnauthorized(request);
+		if (!await authorizePredicate(context$2, values)) return await onUnauthorized(request);
 	}
 	const jsonLd = await object.toJsonLd(context$2);
 	return new Response(JSON.stringify(jsonLd), { headers: {
@@ -1182,25 +1146,7 @@ async function handleCollection(request, { name, identifier, uriGetter, filter,
 		});
 	}
 	if (collectionCallbacks.authorizePredicate != null) {
-		let key = await context$2.getSignedKey();
-		key = key?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"collection"
-			],
-			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-		} }) ?? null;
-		let keyOwner = await context$2.getSignedKeyOwner();
-		keyOwner = keyOwner?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"collection"
-			],
-			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-		} }) ?? null;
-		if (!await collectionCallbacks.authorizePredicate(context$2, identifier, key, keyOwner)) return await onUnauthorized(request);
+		if (!await collectionCallbacks.authorizePredicate(context$2, identifier)) return await onUnauthorized(request);
 	}
 	const jsonLd = await collection.toJsonLd(context$2);
 	return new Response(JSON.stringify(jsonLd), { headers: {
@@ -1851,28 +1797,7 @@ const verifyDefined = (callbacks) => {
 */
 const authIfNeeded = async (context$2, values, { authorizePredicate: authorize = void 0 }) => {
 	if (authorize === void 0) return;
-	const key = (await context$2.getSignedKey())?.clone({}, warning.key) ?? null;
-	const keyOwner = (await context$2.getSignedKeyOwner())?.clone({}, warning.keyOwner) ?? null;
-	if (!await authorize(context$2, values, key, keyOwner)) throw new UnauthorizedError();
-};
-/** Warning messages for `authIfNeeded`. */
-const warning = {
-	key: { $warning: {
-		category: [
-			"fedify",
-			"federation",
-			"collection"
-		],
-		message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-	} },
-	keyOwner: { $warning: {
-		category: [
-			"fedify",
-			"federation",
-			"collection"
-		],
-		message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-	} }
+	if (!await authorize(context$2, values)) throw new UnauthorizedError();
 };
 /**
 * Appends a cursor parameter to a URL if the cursor exists.
@@ -3956,11 +3881,27 @@ var RequestContextImpl = class RequestContextImpl extends ContextImpl {
 		if (this.#signedKeyOwner != null) return this.#signedKeyOwner;
 		const key = await this.getSignedKey(options);
 		if (key == null) return this.#signedKeyOwner = null;
-		return this.#signedKeyOwner = await require_proof.getKeyOwner(key, {
-			contextLoader: options.contextLoader ?? this.contextLoader,
-			documentLoader: options.documentLoader ?? this.documentLoader,
-			tracerProvider: options.tracerProvider ?? this.tracerProvider
-		});
+		try {
+			return this.#signedKeyOwner = await require_proof.getKeyOwner(key, {
+				contextLoader: options.contextLoader ?? this.contextLoader,
+				documentLoader: options.documentLoader ?? this.documentLoader,
+				tracerProvider: options.tracerProvider ?? this.tracerProvider
+			});
+		} catch (error) {
+			if (error instanceof __fedify_vocab_runtime.FetchError) {
+				(0, __logtape_logtape.getLogger)([
+					"fedify",
+					"federation",
+					"actor"
+				]).warn("Failed to fetch the key owner {keyOwner} of {keyId} while verifying the request signature; treating the request as unauthenticated: {error}", {
+					keyId: key.id?.href,
+					keyOwner: error.url.href,
+					error
+				});
+				return this.#signedKeyOwner = null;
+			}
+			throw error;
+		}
 	}
 };
 var InboxContextImpl = class InboxContextImpl extends ContextImpl {

package/dist/{middleware-D_wNj9p6.js → middleware-CgEEF8s6.js}

@@ -3,10 +3,10 @@
           import { URLPattern } from "urlpattern-polyfill";
         
 import "./transformers-C3FLHUd6.js";
-import "./http-C3oMHumD.js";
-import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "./middleware-ByN4qQt0.js";
-import "./proof-BNcJ_Sa_.js";
+import "./http-BNiAwNU-.js";
+import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "./middleware-BQ3c3mRY.js";
+import "./proof-BSXD3gxs.js";
 import "./types-C93Ob9cU.js";
-import "./kv-cache-K6GW8-uS.js";
+import "./kv-cache-DjYerrCe.js";
 
 export { FederationImpl };

package/dist/{middleware-Co3x1vLV.js → middleware-CpOJCVxU.js}

@@ -3,27 +3,27 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default } from "./deno-D_VnPW-Y.js";
+import { deno_default } from "./deno-RllegzSG.js";
 import { getNodeInfo } from "./client-Dg7OfUDA.js";
 import { RouterError } from "./router-D9eI0s4b.js";
 import { nodeInfoToJson } from "./types-CPz01LGH.js";
-import { exportJwk, importJwk, validateCryptoKey } from "./key-Cw2GXzkv.js";
-import { verifyRequest } from "./http-CFILUWFj.js";
-import { detachSignature, hasSignature, signJsonLd, verifyJsonLd } from "./ld-D4-RbyP8.js";
-import { doesActorOwnKey, getKeyOwner } from "./owner-BJOuHY_S.js";
-import { signObject, verifyObject } from "./proof-VvmjtuyP.js";
-import { getAuthenticatedDocumentLoader } from "./docloader-D7xSU1xb.js";
+import { exportJwk, importJwk, validateCryptoKey } from "./key-BqMOdwtv.js";
+import { verifyRequest } from "./http-Cvsk5Skd.js";
+import { detachSignature, hasSignature, signJsonLd, verifyJsonLd } from "./ld-BMgYSVTZ.js";
+import { doesActorOwnKey, getKeyOwner } from "./owner-rwfm7c6o.js";
+import { signObject, verifyObject } from "./proof-CV9ObID1.js";
+import { getAuthenticatedDocumentLoader } from "./docloader-Bue7Ij3R.js";
 import { kvCache } from "./kv-cache-B__dHl7g.js";
-import { routeActivity } from "./inbox-FsU-ifET.js";
-import { FederationBuilderImpl } from "./builder-DqJQtxW4.js";
+import { routeActivity } from "./inbox-CYce8kRg.js";
+import { FederationBuilderImpl } from "./builder-Dr8wJfzL.js";
 import { buildCollectionSynchronizationHeader } from "./collection-CcnIw1qY.js";
 import { KvKeyCache } from "./keycache-DRxpZ5r9.js";
 import { acceptsJsonLd } from "./negotiation-5NPJL6zp.js";
 import { createExponentialBackoffPolicy } from "./retry-D4GJ670a.js";
-import { SendActivityError, extractInboxes, sendActivity } from "./send-DYC2LvJZ.js";
+import { SendActivityError, extractInboxes, sendActivity } from "./send-BUsEdmU0.js";
 import { getLogger, withContext } from "@logtape/logtape";
 import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, getTypeId, lookupObject, traverseCollection } from "@fedify/vocab";
-import { getDocumentLoader } from "@fedify/vocab-runtime";
+import { FetchError, getDocumentLoader } from "@fedify/vocab-runtime";
 import { lookupWebFinger } from "@fedify/webfinger";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_HTTP_RESPONSE_HEADER, ATTR_HTTP_RESPONSE_STATUS_CODE, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
@@ -182,25 +182,7 @@ async function handleActor(request, { identifier, context: context$1, actorDispa
 		return await onNotFound(request);
 	}
 	if (authorizePredicate != null) {
-		let key = await context$1.getSignedKey();
-		key = key?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"actor"
-			],
-			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-		} }) ?? null;
-		let keyOwner = await context$1.getSignedKeyOwner();
-		keyOwner = keyOwner?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"actor"
-			],
-			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-		} }) ?? null;
-		if (!await authorizePredicate(context$1, identifier, key, keyOwner)) return await onUnauthorized(request);
+		if (!await authorizePredicate(context$1, identifier)) return await onUnauthorized(request);
 	}
 	const jsonLd = await actor.toJsonLd(context$1);
 	return new Response(JSON.stringify(jsonLd), { headers: {
@@ -220,25 +202,7 @@ async function handleObject(request, { values, context: context$1, objectDispatc
 	const object = await objectDispatcher(context$1, values);
 	if (object == null) return await onNotFound(request);
 	if (authorizePredicate != null) {
-		let key = await context$1.getSignedKey();
-		key = key?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"object"
-			],
-			message: "The third parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-		} }) ?? null;
-		let keyOwner = await context$1.getSignedKeyOwner();
-		keyOwner = keyOwner?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"object"
-			],
-			message: "The fourth parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-		} }) ?? null;
-		if (!await authorizePredicate(context$1, values, key, keyOwner)) return await onUnauthorized(request);
+		if (!await authorizePredicate(context$1, values)) return await onUnauthorized(request);
 	}
 	const jsonLd = await object.toJsonLd(context$1);
 	return new Response(JSON.stringify(jsonLd), { headers: {
@@ -370,25 +334,7 @@ async function handleCollection(request, { name, identifier, uriGetter, filter,
 		});
 	}
 	if (collectionCallbacks.authorizePredicate != null) {
-		let key = await context$1.getSignedKey();
-		key = key?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"collection"
-			],
-			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-		} }) ?? null;
-		let keyOwner = await context$1.getSignedKeyOwner();
-		keyOwner = keyOwner?.clone({}, { $warning: {
-			category: [
-				"fedify",
-				"federation",
-				"collection"
-			],
-			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-		} }) ?? null;
-		if (!await collectionCallbacks.authorizePredicate(context$1, identifier, key, keyOwner)) return await onUnauthorized(request);
+		if (!await collectionCallbacks.authorizePredicate(context$1, identifier)) return await onUnauthorized(request);
 	}
 	const jsonLd = await collection.toJsonLd(context$1);
 	return new Response(JSON.stringify(jsonLd), { headers: {
@@ -1039,28 +985,7 @@ const verifyDefined = (callbacks) => {
 */
 const authIfNeeded = async (context$1, values, { authorizePredicate: authorize = void 0 }) => {
 	if (authorize === void 0) return;
-	const key = (await context$1.getSignedKey())?.clone({}, warning.key) ?? null;
-	const keyOwner = (await context$1.getSignedKeyOwner())?.clone({}, warning.keyOwner) ?? null;
-	if (!await authorize(context$1, values, key, keyOwner)) throw new UnauthorizedError();
-};
-/** Warning messages for `authIfNeeded`. */
-const warning = {
-	key: { $warning: {
-		category: [
-			"fedify",
-			"federation",
-			"collection"
-		],
-		message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
-	} },
-	keyOwner: { $warning: {
-		category: [
-			"fedify",
-			"federation",
-			"collection"
-		],
-		message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
-	} }
+	if (!await authorize(context$1, values)) throw new UnauthorizedError();
 };
 /**
 * Appends a cursor parameter to a URL if the cursor exists.
@@ -2888,11 +2813,27 @@ var RequestContextImpl = class RequestContextImpl extends ContextImpl {
 		if (this.#signedKeyOwner != null) return this.#signedKeyOwner;
 		const key = await this.getSignedKey(options);
 		if (key == null) return this.#signedKeyOwner = null;
-		return this.#signedKeyOwner = await getKeyOwner(key, {
-			contextLoader: options.contextLoader ?? this.contextLoader,
-			documentLoader: options.documentLoader ?? this.documentLoader,
-			tracerProvider: options.tracerProvider ?? this.tracerProvider
-		});
+		try {
+			return this.#signedKeyOwner = await getKeyOwner(key, {
+				contextLoader: options.contextLoader ?? this.contextLoader,
+				documentLoader: options.documentLoader ?? this.documentLoader,
+				tracerProvider: options.tracerProvider ?? this.tracerProvider
+			});
+		} catch (error) {
+			if (error instanceof FetchError) {
+				getLogger([
+					"fedify",
+					"federation",
+					"actor"
+				]).warn("Failed to fetch the key owner {keyOwner} of {keyId} while verifying the request signature; treating the request as unauthenticated: {error}", {
+					keyId: key.id?.href,
+					keyOwner: error.url.href,
+					error
+				});
+				return this.#signedKeyOwner = null;
+			}
+			throw error;
+		}
 	}
 };
 var InboxContextImpl = class InboxContextImpl extends ContextImpl {

package/dist/{mod-Bm_GwNTL.d.cts → mod-DVwHUI_x.d.cts}

@@ -1,4 +1,4 @@
-import { ActivityTransformer, Context } from "./context-o4OhjMHe.cjs";
+import { ActivityTransformer, Context } from "./context-D3QkEtZd.cjs";
 import { Activity } from "@fedify/vocab";
 
 //#region src/compat/transformers.d.ts

package/dist/{mod-DwqZ5l67.d.cts → mod-Di3W5OdP.d.cts}

@@ -1,4 +1,4 @@
-import { ActorAliasMapper, ActorDispatcher, ActorHandleMapper, RequestContext, WebFingerLinksDispatcher } from "./context-o4OhjMHe.cjs";
+import { ActorAliasMapper, ActorDispatcher, ActorHandleMapper, RequestContext, WebFingerLinksDispatcher } from "./context-D3QkEtZd.cjs";
 import { Span, Tracer } from "@opentelemetry/api";
 
 //#region src/federation/webfinger.d.ts

package/dist/{mod-CIR7gJW8.d.ts → mod-DnSsduJF.d.ts}

@@ -1,6 +1,6 @@
 import { Temporal } from "@js-temporal/polyfill";
 import { URLPattern } from "urlpattern-polyfill";
-import { ActorAliasMapper, ActorDispatcher, ActorHandleMapper, RequestContext, WebFingerLinksDispatcher } from "./context-Dy5ro7zD.js";
+import { ActorAliasMapper, ActorDispatcher, ActorHandleMapper, RequestContext, WebFingerLinksDispatcher } from "./context-DZJhUmzF.js";
 import { Span, Tracer } from "@opentelemetry/api";
 
 //#region src/federation/webfinger.d.ts