@fedify/fedify 2.1.0-dev.543 → 2.1.0-dev.592

package/dist/sig/http.test.js

@@ -3,19 +3,20 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { createTestTracerProvider, mockDocumentLoader, test } from "../dist-B5f6a8Tt.js";
+import { esm_default } from "../esm-nLm00z9V.js";
 import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import { assert } from "../assert-MZs1qjMx.js";
 import "../assert_instance_of-DHz7EHNU.js";
-import "../deno-9yc0TPBI.js";
-import { exportJwk } from "../key-DFG6tJgw.js";
-import { createRfc9421SignatureBase, doubleKnock, formatRfc9421Signature, formatRfc9421SignatureParameters, parseRfc9421Signature, parseRfc9421SignatureInput, signRequest, timingSafeEqual, verifyRequest, verifyRequestDetailed } from "../http-CpvoK0Y7.js";
-import { assertExists, assertStringIncludes } from "../std__assert-DWivtrGR.js";
-import { assertFalse, assertRejects } from "../assert_rejects-Ce45JcFg.js";
-import { assertThrows } from "../assert_throws-BNXdRGWP.js";
-import "../assert_not_equals-C80BG-_5.js";
-import { rsaPrivateKey2, rsaPublicKey1, rsaPublicKey2, rsaPublicKey5 } from "../keys-ZbcByPg9.js";
-import { esm_default } from "../esm-DGl7uK1r.js";
+import "../deno-OR506Yti.js";
+import "../accept-D7sAxyNa.js";
+import { exportJwk } from "../key-Cx3Tx_In.js";
+import { createRfc9421SignatureBase, doubleKnock, formatRfc9421Signature, formatRfc9421SignatureParameters, parseRfc9421Signature, parseRfc9421SignatureInput, signRequest, timingSafeEqual, verifyRequest, verifyRequestDetailed } from "../http-BUCxbGks.js";
+import { assertExists, assertStringIncludes } from "../std__assert-X-_kMxKM.js";
+import { assertFalse, assertRejects } from "../assert_rejects-0h7I2Esa.js";
+import { assertThrows } from "../assert_throws-rjdMBf31.js";
+import "../assert_not_equals-f3m3epl3.js";
+import { rsaPrivateKey2, rsaPublicKey1, rsaPublicKey2, rsaPublicKey5 } from "../keys-BFve7QQv.js";
+import { createTestTracerProvider, mockDocumentLoader, test } from "@fedify/fixture";
 import { FetchError, exportSpki } from "@fedify/vocab-runtime";
 import { encodeBase64 } from "byte-encodings/base64";
 
@@ -298,7 +299,7 @@ test("signRequest() and verifyRequest() [rfc9421] implementation", async () => {
 	assertEquals(parsedInput.sig1.alg, "rsa-v1_5-sha256");
 	assertEquals(parsedInput.sig1.created, currentTimestamp);
 	assertEquals(parsedInput.sig1.components.length, expectedComponents.length, "Should have all expected components");
-	for (const component of expectedComponents) assert(parsedInput.sig1.components.includes(component), `Components should include ${component}`);
+	for (const component of expectedComponents) assert(parsedInput.sig1.components.some((c) => c.value === component), `Components should include ${component}`);
 	const parsedSig = parseRfc9421Signature(signature);
 	assertExists(parsedSig.sig1);
 	assertEquals(parsedSig.sig1.byteLength > 0, true, "Signature value should be a non-empty Uint8Array");
@@ -323,10 +324,22 @@ test("createRfc9421SignatureBase()", () => {
 		}
 	});
 	const components = [
-		"@method",
-		"@target-uri",
-		"host",
-		"date"
+		{
+			value: "@method",
+			params: {}
+		},
+		{
+			value: "@target-uri",
+			params: {}
+		},
+		{
+			value: "host",
+			params: {}
+		},
+		{
+			value: "date",
+			params: {}
+		}
 	];
 	const created = 1709626184;
 	const signatureBase = createRfc9421SignatureBase(request, components, formatRfc9421SignatureParameters({
@@ -353,9 +366,18 @@ test("formatRfc9421Signature()", () => {
 	const keyId = new URL("https://example.com/key");
 	const algorithm = "rsa-v1_5-sha256";
 	const components = [
-		"@method",
-		"@target-uri",
-		"host"
+		{
+			"value": "@method",
+			params: {}
+		},
+		{
+			"value": "@target-uri",
+			params: {}
+		},
+		{
+			"value": "host",
+			params: {}
+		}
 	];
 	const created = 1709626184;
 	const [signatureInput, signatureHeader] = formatRfc9421Signature(signature, components, formatRfc9421SignatureParameters({
@@ -373,10 +395,22 @@ test("parseRfc9421SignatureInput()", () => {
 	assertEquals(parsed.sig1.alg, "rsa-v1_5-sha256");
 	assertEquals(parsed.sig1.created, 1709626184);
 	assertEquals(parsed.sig1.components, [
-		"@method",
-		"@target-uri",
-		"host",
-		"date"
+		{
+			value: "@method",
+			params: {}
+		},
+		{
+			value: "@target-uri",
+			params: {}
+		},
+		{
+			value: "host",
+			params: {}
+		},
+		{
+			value: "date",
+			params: {}
+		}
 	]);
 	assertEquals(parsed.sig1.parameters, "keyid=\"https://example.com/key\";alg=\"rsa-v1_5-sha256\";created=1709626184");
 });
@@ -626,10 +660,22 @@ test("verifyRequest() [rfc9421] error cases and edge cases", async () => {
 	assertEquals(parsedInput.sig1.alg, "rsa-v1_5-sha256");
 	assertEquals(parsedInput.sig1.created, 1709626184);
 	assertEquals(parsedInput.sig1.components, [
-		"@method",
-		"@target-uri",
-		"host",
-		"date"
+		{
+			value: "@method",
+			params: {}
+		},
+		{
+			value: "@target-uri",
+			params: {}
+		},
+		{
+			value: "host",
+			params: {}
+		},
+		{
+			value: "date",
+			params: {}
+		}
 	]);
 	const signature = testRequest.headers.get("Signature") || "";
 	const parsedSig = parseRfc9421Signature(signature);
@@ -641,8 +687,8 @@ test("verifyRequest() [rfc9421] error cases and edge cases", async () => {
 	assertEquals(complexParsedInput.sig1.keyId, "https://example.com/key with spaces");
 	assertEquals(complexParsedInput.sig1.alg, "rsa-v1_5-sha256");
 	assertEquals(complexParsedInput.sig1.created, 1709626184);
-	assert(complexParsedInput.sig1.components.includes("content-type"));
-	assert(complexParsedInput.sig1.components.includes("value with \"quotes\" and spaces"));
+	assert(complexParsedInput.sig1.components.some((c) => c.value === "content-type"));
+	assert(complexParsedInput.sig1.components.some((c) => c.value === "value with \"quotes\" and spaces"));
 	const multiSigRequest = new Request("https://example.com/", { headers: new Headers({
 		"Signature-Input": `sig1=("@method");keyid="key1";alg="rsa-v1_5-sha256";created=1709626184,sig2=("@target-uri");keyid="key2";alg="rsa-pss-sha512";created=1709626185`,
 		"Signature": `sig1=:AQIDBA==:,sig2=:Zm9vYmFy:`
@@ -1200,7 +1246,10 @@ test("signRequest() [rfc9421] error handling for invalid signature base creation
 		body: "test body"
 	});
 	await assertThrows(() => {
-		createRfc9421SignatureBase(request, ["@unsupported"], "alg=\"rsa-pss-sha256\";keyid=\"https://example.com/key2\";created=1234567890");
+		createRfc9421SignatureBase(request, [{
+			value: "@unsupported",
+			params: {}
+		}], "alg=\"rsa-pss-sha256\";keyid=\"https://example.com/key2\";created=1234567890");
 	}, Error, "Unsupported derived component: @unsupported");
 	const signedRequest = await signRequest(request, rsaPrivateKey2, new URL("https://example.com/key2"), { spec: "rfc9421" });
 	assertExists(signedRequest.headers.get("Signature-Input"));
@@ -1312,5 +1361,381 @@ test("signRequest() and verifyRequest() cancellation", {
 	});
 	esm_default.hardReset();
 });
+test("signRequest() with custom label", async () => {
+	const request = new Request("https://example.com/api", {
+		method: "POST",
+		body: "test",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const signed = await signRequest(request, rsaPrivateKey2, new URL("https://example.com/key2"), {
+		spec: "rfc9421",
+		rfc9421: { label: "mysig" }
+	});
+	const sigInput = signed.headers.get("Signature-Input");
+	assertStringIncludes(sigInput, "mysig=");
+	const sig = signed.headers.get("Signature");
+	assertStringIncludes(sig, "mysig=");
+});
+test("signRequest() with custom components", async () => {
+	const request = new Request("https://example.com/api", {
+		method: "POST",
+		body: "test",
+		headers: {
+			"Content-Type": "text/plain",
+			"Host": "example.com",
+			"Date": "Tue, 05 Mar 2024 07:49:44 GMT"
+		}
+	});
+	const signed = await signRequest(request, rsaPrivateKey2, new URL("https://example.com/key2"), {
+		spec: "rfc9421",
+		rfc9421: { components: [
+			{
+				value: "@method",
+				params: {}
+			},
+			{
+				value: "@target-uri",
+				params: {}
+			},
+			{
+				value: "@authority",
+				params: {}
+			}
+		] }
+	});
+	const sigInput = signed.headers.get("Signature-Input");
+	assertStringIncludes(sigInput, "\"@method\"");
+	assertStringIncludes(sigInput, "\"@target-uri\"");
+	assertStringIncludes(sigInput, "\"@authority\"");
+	assertStringIncludes(sigInput, "\"content-digest\"");
+});
+test("signRequest() with nonce and tag", async () => {
+	const request = new Request("https://example.com/api", {
+		method: "GET",
+		headers: {
+			"Host": "example.com",
+			"Date": "Tue, 05 Mar 2024 07:49:44 GMT"
+		}
+	});
+	const signed = await signRequest(request, rsaPrivateKey2, new URL("https://example.com/key2"), {
+		spec: "rfc9421",
+		rfc9421: {
+			nonce: "test-nonce-123",
+			tag: "app-v1"
+		}
+	});
+	const sigInput = signed.headers.get("Signature-Input");
+	assertStringIncludes(sigInput, "nonce=\"test-nonce-123\"");
+	assertStringIncludes(sigInput, "tag=\"app-v1\"");
+});
+test("formatRfc9421SignatureParameters() escapes nonce and tag", () => {
+	const commonParams = {
+		algorithm: "rsa-v1_5-sha256",
+		keyId: new URL("https://example.com/key"),
+		created: 1709626184
+	};
+	const slashNonce = formatRfc9421SignatureParameters({
+		...commonParams,
+		nonce: "x\\y"
+	});
+	assertStringIncludes(slashNonce, "nonce=\"x\\\\y\"");
+	const quoteNonce = formatRfc9421SignatureParameters({
+		...commonParams,
+		nonce: "a\"b"
+	});
+	assertStringIncludes(quoteNonce, "nonce=\"a\\\"b\"");
+	const slashTag = formatRfc9421SignatureParameters({
+		...commonParams,
+		tag: "x\\y"
+	});
+	assertStringIncludes(slashTag, "tag=\"x\\\\y\"");
+	const quoteTag = formatRfc9421SignatureParameters({
+		...commonParams,
+		tag: "a\"b"
+	});
+	assertStringIncludes(quoteTag, "tag=\"a\\\"b\"");
+	const mixed = formatRfc9421SignatureParameters({
+		...commonParams,
+		nonce: "n\"o\\nce",
+		tag: "t\"ag\\value"
+	});
+	assertStringIncludes(mixed, "nonce=\"n\\\"o\\\\nce\"");
+	assertStringIncludes(mixed, "tag=\"t\\\"ag\\\\value\"");
+});
+test("signRequest() [rfc9421] accumulates multiple signatures when called sequentially", async () => {
+	const request = new Request("https://example.com/inbox", {
+		method: "POST",
+		body: "Hello",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const onceSigned = await signRequest(request, rsaPrivateKey2, new URL("https://example.com/key2"), {
+		spec: "rfc9421",
+		rfc9421: {
+			label: "sig1",
+			components: [{
+				value: "@method",
+				params: {}
+			}, {
+				value: "@target-uri",
+				params: {}
+			}]
+		}
+	});
+	const twiceSigned = await signRequest(onceSigned, rsaPrivateKey2, new URL("https://example.com/key2"), {
+		spec: "rfc9421",
+		rfc9421: {
+			label: "sig2",
+			components: [{
+				value: "@authority",
+				params: {}
+			}]
+		}
+	});
+	const sigInput = twiceSigned.headers.get("Signature-Input") ?? "";
+	const sig = twiceSigned.headers.get("Signature") ?? "";
+	assertStringIncludes(sigInput, "sig1=");
+	assertStringIncludes(sigInput, "sig2=");
+	assertStringIncludes(sig, "sig1=");
+	assertStringIncludes(sig, "sig2=");
+});
+test("doubleKnock(): Accept-Signature challenge retry succeeds", async () => {
+	esm_default.spyGlobal();
+	let requestCount = 0;
+	esm_default.post("https://example.com/inbox-challenge-ok", (cl) => {
+		const req = cl.request;
+		requestCount++;
+		if (requestCount === 1) return new Response("Not Authorized", {
+			status: 401,
+			headers: { "Accept-Signature": "sig1=(\"@method\" \"@target-uri\" \"@authority\" \"content-digest\");created;nonce=\"challenge-nonce-1\"" }
+		});
+		const sigInput = req.headers.get("Signature-Input") ?? "";
+		if (sigInput.includes("challenge-nonce-1")) return new Response("", { status: 202 });
+		return new Response("Bad", { status: 400 });
+	});
+	const request = new Request("https://example.com/inbox-challenge-ok", {
+		method: "POST",
+		body: "Test message",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const response = await doubleKnock(request, {
+		keyId: rsaPublicKey2.id,
+		privateKey: rsaPrivateKey2
+	});
+	assertEquals(response.status, 202);
+	assertEquals(requestCount, 2);
+	esm_default.hardReset();
+});
+test("doubleKnock(): unfulfillable Accept-Signature falls to legacy fallback", async () => {
+	esm_default.spyGlobal();
+	let requestCount = 0;
+	esm_default.post("https://example.com/inbox-unfulfillable", (cl) => {
+		const req = cl.request;
+		requestCount++;
+		if (requestCount === 1) return new Response("Not Authorized", {
+			status: 401,
+			headers: { "Accept-Signature": "sig1=(\"@method\");alg=\"ecdsa-p256-sha256\"" }
+		});
+		if (req.headers.has("Signature") && !req.headers.has("Signature-Input")) return new Response("", { status: 202 });
+		return new Response("Bad", { status: 400 });
+	});
+	const request = new Request("https://example.com/inbox-unfulfillable", {
+		method: "POST",
+		body: "Test message",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const response = await doubleKnock(request, {
+		keyId: rsaPublicKey2.id,
+		privateKey: rsaPrivateKey2
+	});
+	assertEquals(response.status, 202);
+	assertEquals(requestCount, 2);
+	esm_default.hardReset();
+});
+test("doubleKnock(): no Accept-Signature falls to legacy fallback", async () => {
+	esm_default.spyGlobal();
+	let requestCount = 0;
+	esm_default.post("https://example.com/inbox-no-challenge", (cl) => {
+		const req = cl.request;
+		requestCount++;
+		if (requestCount === 1) return new Response("Not Authorized", { status: 401 });
+		if (req.headers.has("Signature")) return new Response("", { status: 202 });
+		return new Response("Bad", { status: 400 });
+	});
+	const request = new Request("https://example.com/inbox-no-challenge", {
+		method: "POST",
+		body: "Test message",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const response = await doubleKnock(request, {
+		keyId: rsaPublicKey2.id,
+		privateKey: rsaPrivateKey2
+	});
+	assertEquals(response.status, 202);
+	assertEquals(requestCount, 2);
+	esm_default.hardReset();
+});
+test("doubleKnock(): challenge retry also fails → legacy fallback attempted", async () => {
+	esm_default.spyGlobal();
+	let requestCount = 0;
+	esm_default.post("https://example.com/inbox-challenge-fails", (cl) => {
+		const req = cl.request;
+		requestCount++;
+		if (requestCount === 1) return new Response("Not Authorized", {
+			status: 401,
+			headers: { "Accept-Signature": "sig1=(\"@method\" \"@target-uri\");created" }
+		});
+		if (requestCount === 2) return new Response("Still Not Authorized", { status: 401 });
+		if (req.headers.has("Signature") && !req.headers.has("Signature-Input")) return new Response("", { status: 202 });
+		return new Response("Bad", { status: 400 });
+	});
+	const request = new Request("https://example.com/inbox-challenge-fails", {
+		method: "POST",
+		body: "Test message",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const response = await doubleKnock(request, {
+		keyId: rsaPublicKey2.id,
+		privateKey: rsaPrivateKey2
+	});
+	assertEquals(response.status, 202);
+	assertEquals(requestCount, 3);
+	esm_default.hardReset();
+});
+test("doubleKnock(): challenge retry returns another challenge → not followed", async () => {
+	esm_default.spyGlobal();
+	let requestCount = 0;
+	esm_default.post("https://example.com/inbox-challenge-loop", (cl) => {
+		const req = cl.request;
+		requestCount++;
+		if (requestCount === 1) return new Response("Not Authorized", {
+			status: 401,
+			headers: { "Accept-Signature": "sig1=(\"@method\" \"@target-uri\");created;nonce=\"nonce-1\"" }
+		});
+		if (requestCount === 2) return new Response("Still Not Authorized", {
+			status: 401,
+			headers: { "Accept-Signature": "sig1=(\"@method\" \"@target-uri\");created;nonce=\"nonce-2\"" }
+		});
+		if (req.headers.has("Signature") && !req.headers.has("Signature-Input")) return new Response("", { status: 202 });
+		return new Response("Bad", { status: 400 });
+	});
+	const request = new Request("https://example.com/inbox-challenge-loop", {
+		method: "POST",
+		body: "Test message",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const response = await doubleKnock(request, {
+		keyId: rsaPublicKey2.id,
+		privateKey: rsaPrivateKey2
+	});
+	assertEquals(response.status, 202);
+	assertEquals(requestCount, 3);
+	esm_default.hardReset();
+});
+test("doubleKnock(): Accept-Signature with unsupported component falls to legacy fallback", async () => {
+	esm_default.spyGlobal();
+	let requestCount = 0;
+	esm_default.post("https://example.com/inbox-bad-challenge", (cl) => {
+		const req = cl.request;
+		requestCount++;
+		if (requestCount === 1) return new Response("Not Authorized", {
+			status: 401,
+			headers: { "Accept-Signature": "sig1=(\"@method\" \"@target-uri\" \"x-custom-required\");created" }
+		});
+		if (req.headers.has("Signature") && !req.headers.has("Signature-Input")) return new Response("", { status: 202 });
+		return new Response("Bad", { status: 400 });
+	});
+	const request = new Request("https://example.com/inbox-bad-challenge", {
+		method: "POST",
+		body: "Test message",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const response = await doubleKnock(request, {
+		keyId: rsaPublicKey2.id,
+		privateKey: rsaPrivateKey2
+	});
+	assertEquals(response.status, 202);
+	assertEquals(requestCount, 2);
+	esm_default.hardReset();
+});
+test("doubleKnock(): Accept-Signature with unsupported derived component falls to legacy fallback", async () => {
+	esm_default.spyGlobal();
+	let requestCount = 0;
+	esm_default.post("https://example.com/inbox-bad-derived", (cl) => {
+		const req = cl.request;
+		requestCount++;
+		if (requestCount === 1) return new Response("Not Authorized", {
+			status: 401,
+			headers: { "Accept-Signature": "sig1=(\"@method\" \"@query-param\");created" }
+		});
+		if (req.headers.has("Signature") && !req.headers.has("Signature-Input")) return new Response("", { status: 202 });
+		return new Response("Bad", { status: 400 });
+	});
+	const request = new Request("https://example.com/inbox-bad-derived", {
+		method: "POST",
+		body: "Test message",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const response = await doubleKnock(request, {
+		keyId: rsaPublicKey2.id,
+		privateKey: rsaPrivateKey2
+	});
+	assertEquals(response.status, 202);
+	assertEquals(requestCount, 2);
+	esm_default.hardReset();
+});
+test("doubleKnock(): Accept-Signature with multiple entries where first throws falls to next entry", async () => {
+	esm_default.spyGlobal();
+	let requestCount = 0;
+	esm_default.post("https://example.com/inbox-multi-challenge", (cl) => {
+		const req = cl.request;
+		requestCount++;
+		if (requestCount === 1) return new Response("Not Authorized", {
+			status: 401,
+			headers: { "Accept-Signature": "sig1=(\"@method\" \"x-nonexistent\");created,sig2=(\"@method\" \"@target-uri\" \"@authority\");created" }
+		});
+		if (req.headers.has("Signature-Input")) return new Response("", { status: 202 });
+		return new Response("Bad", { status: 400 });
+	});
+	const request = new Request("https://example.com/inbox-multi-challenge", {
+		method: "POST",
+		body: "Test message",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const response = await doubleKnock(request, {
+		keyId: rsaPublicKey2.id,
+		privateKey: rsaPrivateKey2
+	});
+	assertEquals(response.status, 202);
+	assertEquals(requestCount, 2);
+	esm_default.hardReset();
+});
+test("doubleKnock(): Accept-Signature with multiple compatible entries fulfills all (RFC 9421 §5 MUST)", async () => {
+	esm_default.spyGlobal();
+	let requestCount = 0;
+	esm_default.post("https://example.com/inbox-multi-compat", (cl) => {
+		const req = cl.request;
+		requestCount++;
+		if (requestCount === 1) return new Response("Not Authorized", {
+			status: 401,
+			headers: { "Accept-Signature": "sig1=(\"@method\" \"@target-uri\");created,sig2=(\"@authority\");created;nonce=\"nonce-for-sig2\"" }
+		});
+		const sigInput = req.headers.get("Signature-Input") ?? "";
+		const sig = req.headers.get("Signature") ?? "";
+		if (sigInput.includes("sig1=") && sigInput.includes("sig2=") && sig.includes("sig1=") && sig.includes("sig2=")) return new Response("", { status: 202 });
+		return new Response("Missing signatures", { status: 400 });
+	});
+	const request = new Request("https://example.com/inbox-multi-compat", {
+		method: "POST",
+		body: "Test message",
+		headers: { "Content-Type": "text/plain" }
+	});
+	const response = await doubleKnock(request, {
+		keyId: rsaPublicKey2.id,
+		privateKey: rsaPrivateKey2
+	});
+	assertEquals(response.status, 202);
+	assertEquals(requestCount, 2);
+	esm_default.hardReset();
+});
 
 //#endregion

package/dist/sig/key.test.js

@@ -3,17 +3,17 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { createTestTracerProvider, mockDocumentLoader, test } from "../dist-B5f6a8Tt.js";
 import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import "../assert-MZs1qjMx.js";
 import "../assert_instance_of-DHz7EHNU.js";
-import "../deno-9yc0TPBI.js";
-import { exportJwk, fetchKey, fetchKeyDetailed, generateCryptoKeyPair, importJwk, validateCryptoKey } from "../key-DFG6tJgw.js";
-import "../std__assert-DWivtrGR.js";
-import { assertRejects } from "../assert_rejects-Ce45JcFg.js";
-import { assertThrows } from "../assert_throws-BNXdRGWP.js";
-import "../assert_not_equals-C80BG-_5.js";
-import { ed25519Multikey, rsaPrivateKey2, rsaPublicKey1, rsaPublicKey2, rsaPublicKey3 } from "../keys-ZbcByPg9.js";
+import "../deno-OR506Yti.js";
+import { exportJwk, fetchKey, fetchKeyDetailed, generateCryptoKeyPair, importJwk, validateCryptoKey } from "../key-Cx3Tx_In.js";
+import "../std__assert-X-_kMxKM.js";
+import { assertRejects } from "../assert_rejects-0h7I2Esa.js";
+import { assertThrows } from "../assert_throws-rjdMBf31.js";
+import "../assert_not_equals-f3m3epl3.js";
+import { ed25519Multikey, rsaPrivateKey2, rsaPublicKey1, rsaPublicKey2, rsaPublicKey3 } from "../keys-BFve7QQv.js";
+import { createTestTracerProvider, mockDocumentLoader, test } from "@fedify/fixture";
 import { CryptographicKey, Multikey } from "@fedify/vocab";
 import { FetchError } from "@fedify/vocab-runtime";
 

package/dist/sig/ld.test.js

@@ -3,15 +3,15 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { mockDocumentLoader, test } from "../dist-B5f6a8Tt.js";
 import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import { assert } from "../assert-MZs1qjMx.js";
-import "../deno-9yc0TPBI.js";
-import { generateCryptoKeyPair } from "../key-DFG6tJgw.js";
-import { attachSignature, createSignature, detachSignature, signJsonLd, verifyJsonLd, verifySignature } from "../ld-DVnRS9IK.js";
-import { assertFalse, assertRejects } from "../assert_rejects-Ce45JcFg.js";
-import { assertThrows } from "../assert_throws-BNXdRGWP.js";
-import { ed25519Multikey, ed25519PrivateKey, rsaPrivateKey2, rsaPrivateKey3, rsaPublicKey2, rsaPublicKey3 } from "../keys-ZbcByPg9.js";
+import "../deno-OR506Yti.js";
+import { generateCryptoKeyPair } from "../key-Cx3Tx_In.js";
+import { attachSignature, createSignature, detachSignature, signJsonLd, verifyJsonLd, verifySignature } from "../ld-CLMJw_iX.js";
+import { assertFalse, assertRejects } from "../assert_rejects-0h7I2Esa.js";
+import { assertThrows } from "../assert_throws-rjdMBf31.js";
+import { ed25519Multikey, ed25519PrivateKey, rsaPrivateKey2, rsaPrivateKey3, rsaPublicKey2, rsaPublicKey3 } from "../keys-BFve7QQv.js";
+import { mockDocumentLoader, test } from "@fedify/fixture";
 import { CryptographicKey } from "@fedify/vocab";
 import { encodeBase64 } from "byte-encodings/base64";
 

package/dist/sig/mod.cjs

@@ -2,8 +2,8 @@
           const { Temporal } = require("@js-temporal/polyfill");
           const { URLPattern } = require("urlpattern-polyfill");
         
-const require_http = require('../http-C_9L2wFv.cjs');
-const require_proof = require('../proof-BF_LZjDb.cjs');
+const require_http = require('../http-CaXARmaJ.cjs');
+const require_proof = require('../proof-BVl5IgbN.cjs');
 require('../sig-vX39WyWI.cjs');
 
 exports.attachSignature = require_proof.attachSignature;
@@ -14,12 +14,16 @@ exports.doesActorOwnKey = require_proof.doesActorOwnKey;
 exports.exportJwk = require_http.exportJwk;
 exports.fetchKey = require_http.fetchKey;
 exports.fetchKeyDetailed = require_http.fetchKeyDetailed;
+exports.formatAcceptSignature = require_http.formatAcceptSignature;
+exports.fulfillAcceptSignature = require_http.fulfillAcceptSignature;
 exports.generateCryptoKeyPair = require_http.generateCryptoKeyPair;
 exports.getKeyOwner = require_proof.getKeyOwner;
 exports.importJwk = require_http.importJwk;
+exports.parseAcceptSignature = require_http.parseAcceptSignature;
 exports.signJsonLd = require_proof.signJsonLd;
 exports.signObject = require_proof.signObject;
 exports.signRequest = require_http.signRequest;
+exports.validateAcceptSignature = require_http.validateAcceptSignature;
 exports.verifyJsonLd = require_proof.verifyJsonLd;
 exports.verifyObject = require_proof.verifyObject;
 exports.verifyProof = require_proof.verifyProof;

package/dist/sig/mod.d.cts

@@ -1,4 +1,4 @@
-import { FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, SignRequestOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, exportJwk, fetchKey, fetchKeyDetailed, generateCryptoKeyPair, importJwk, signRequest, verifyRequest, verifyRequestDetailed } from "../http-DsqqmkXi.cjs";
+import { AcceptSignatureMember, AcceptSignatureParameters, FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, FulfillAcceptSignatureResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, Rfc9421SignRequestOptions, SignRequestOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, exportJwk, fetchKey, fetchKeyDetailed, formatAcceptSignature, fulfillAcceptSignature, generateCryptoKeyPair, importJwk, parseAcceptSignature, signRequest, validateAcceptSignature, verifyRequest, verifyRequestDetailed } from "../http-BudnHZE2.cjs";
 import { DoesActorOwnKeyOptions, GetKeyOwnerOptions, doesActorOwnKey, getKeyOwner } from "../owner-1AbPBOOZ.cjs";
-import { CreateProofOptions, CreateSignatureOptions, SignJsonLdOptions, SignObjectOptions, VerifyJsonLdOptions, VerifyObjectOptions, VerifyProofOptions, VerifySignatureOptions, attachSignature, createProof, createSignature, detachSignature, signJsonLd, signObject, verifyJsonLd, verifyObject, verifyProof, verifySignature } from "../mod-CFBU2OT3.cjs";
-export { CreateProofOptions, CreateSignatureOptions, DoesActorOwnKeyOptions, FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, GetKeyOwnerOptions, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, SignJsonLdOptions, SignObjectOptions, SignRequestOptions, VerifyJsonLdOptions, VerifyObjectOptions, VerifyProofOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, VerifySignatureOptions, attachSignature, createProof, createSignature, detachSignature, doesActorOwnKey, exportJwk, fetchKey, fetchKeyDetailed, generateCryptoKeyPair, getKeyOwner, importJwk, signJsonLd, signObject, signRequest, verifyJsonLd, verifyObject, verifyProof, verifyRequest, verifyRequestDetailed, verifySignature };
+import { CreateProofOptions, CreateSignatureOptions, SignJsonLdOptions, SignObjectOptions, VerifyJsonLdOptions, VerifyObjectOptions, VerifyProofOptions, VerifySignatureOptions, attachSignature, createProof, createSignature, detachSignature, signJsonLd, signObject, verifyJsonLd, verifyObject, verifyProof, verifySignature } from "../mod-Coe7KEgX.cjs";
+export { AcceptSignatureMember, AcceptSignatureParameters, CreateProofOptions, CreateSignatureOptions, DoesActorOwnKeyOptions, FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, FulfillAcceptSignatureResult, GetKeyOwnerOptions, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, Rfc9421SignRequestOptions, SignJsonLdOptions, SignObjectOptions, SignRequestOptions, VerifyJsonLdOptions, VerifyObjectOptions, VerifyProofOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, VerifySignatureOptions, attachSignature, createProof, createSignature, detachSignature, doesActorOwnKey, exportJwk, fetchKey, fetchKeyDetailed, formatAcceptSignature, fulfillAcceptSignature, generateCryptoKeyPair, getKeyOwner, importJwk, parseAcceptSignature, signJsonLd, signObject, signRequest, validateAcceptSignature, verifyJsonLd, verifyObject, verifyProof, verifyRequest, verifyRequestDetailed, verifySignature };

package/dist/sig/mod.d.ts

@@ -1,6 +1,6 @@
 import { Temporal } from "@js-temporal/polyfill";
 import { URLPattern } from "urlpattern-polyfill";
-import { FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, SignRequestOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, exportJwk, fetchKey, fetchKeyDetailed, generateCryptoKeyPair, importJwk, signRequest, verifyRequest, verifyRequestDetailed } from "../http-BbfOqHGG.js";
+import { AcceptSignatureMember, AcceptSignatureParameters, FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, FulfillAcceptSignatureResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, Rfc9421SignRequestOptions, SignRequestOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, exportJwk, fetchKey, fetchKeyDetailed, formatAcceptSignature, fulfillAcceptSignature, generateCryptoKeyPair, importJwk, parseAcceptSignature, signRequest, validateAcceptSignature, verifyRequest, verifyRequestDetailed } from "../http-Dax_FIBo.js";
 import { DoesActorOwnKeyOptions, GetKeyOwnerOptions, doesActorOwnKey, getKeyOwner } from "../owner-gd0Q9FuU.js";
-import { CreateProofOptions, CreateSignatureOptions, SignJsonLdOptions, SignObjectOptions, VerifyJsonLdOptions, VerifyObjectOptions, VerifyProofOptions, VerifySignatureOptions, attachSignature, createProof, createSignature, detachSignature, signJsonLd, signObject, verifyJsonLd, verifyObject, verifyProof, verifySignature } from "../mod-CvxylbuV.js";
-export { CreateProofOptions, CreateSignatureOptions, DoesActorOwnKeyOptions, FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, GetKeyOwnerOptions, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, SignJsonLdOptions, SignObjectOptions, SignRequestOptions, VerifyJsonLdOptions, VerifyObjectOptions, VerifyProofOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, VerifySignatureOptions, attachSignature, createProof, createSignature, detachSignature, doesActorOwnKey, exportJwk, fetchKey, fetchKeyDetailed, generateCryptoKeyPair, getKeyOwner, importJwk, signJsonLd, signObject, signRequest, verifyJsonLd, verifyObject, verifyProof, verifyRequest, verifyRequestDetailed, verifySignature };
+import { CreateProofOptions, CreateSignatureOptions, SignJsonLdOptions, SignObjectOptions, VerifyJsonLdOptions, VerifyObjectOptions, VerifyProofOptions, VerifySignatureOptions, attachSignature, createProof, createSignature, detachSignature, signJsonLd, signObject, verifyJsonLd, verifyObject, verifyProof, verifySignature } from "../mod-D6dOd--H.js";
+export { AcceptSignatureMember, AcceptSignatureParameters, CreateProofOptions, CreateSignatureOptions, DoesActorOwnKeyOptions, FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, FulfillAcceptSignatureResult, GetKeyOwnerOptions, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, Rfc9421SignRequestOptions, SignJsonLdOptions, SignObjectOptions, SignRequestOptions, VerifyJsonLdOptions, VerifyObjectOptions, VerifyProofOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, VerifySignatureOptions, attachSignature, createProof, createSignature, detachSignature, doesActorOwnKey, exportJwk, fetchKey, fetchKeyDetailed, formatAcceptSignature, fulfillAcceptSignature, generateCryptoKeyPair, getKeyOwner, importJwk, parseAcceptSignature, signJsonLd, signObject, signRequest, validateAcceptSignature, verifyJsonLd, verifyObject, verifyProof, verifyRequest, verifyRequestDetailed, verifySignature };