@fedify/fedify 2.1.0-dev.565 → 2.1.0-dev.592

package/dist/{http-Dm9n1mRe.js → http-BUCxbGks.js}

@@ -3,8 +3,9 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default } from "./deno-CEdy89j9.js";
-import { fetchKeyDetailed, validateCryptoKey } from "./key-B0yADkL8.js";
+import { deno_default } from "./deno-OR506Yti.js";
+import { fulfillAcceptSignature, parseAcceptSignature, validateAcceptSignature } from "./accept-D7sAxyNa.js";
+import { fetchKeyDetailed, validateCryptoKey } from "./key-Cx3Tx_In.js";
 import { CryptographicKey } from "@fedify/vocab";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
@@ -31,7 +32,7 @@ async function signRequest(request, privateKey, keyId, options = {}) {
 		try {
 			const spec = options.spec ?? "draft-cavage-http-signatures-12";
 			let signed;
-			if (spec === "rfc9421") signed = await signRequestRfc9421(request, privateKey, keyId, span, options.currentTime, options.body);
+			if (spec === "rfc9421") signed = await signRequestRfc9421(request, privateKey, keyId, span, options.currentTime, options.body, options.rfc9421);
 			else signed = await signRequestDraft(request, privateKey, keyId, span, options.currentTime, options.body);
 			if (span.isRecording()) {
 				span.setAttribute(ATTR_HTTP_REQUEST_METHOD, signed.method);
@@ -79,7 +80,19 @@ async function signRequestDraft(request, privateKey, keyId, span, currentTime, b
 	});
 }
 function formatRfc9421SignatureParameters(params) {
-	return `alg="${params.algorithm}";keyid="${params.keyId.href}";created=${params.created}`;
+	return Array.from(iterRfc9421(params)).join(";");
+}
+function* iterRfc9421(params) {
+	yield `alg="${params.algorithm}"`;
+	yield `keyid="${params.keyId.href}"`;
+	yield `created=${params.created}`;
+	if (params.expires != null) yield `expires=${params.expires}`;
+	if (params.nonce != null) yield `nonce="${escapeSfString(params.nonce)}"`;
+	if (params.tag != null) yield `tag="${escapeSfString(params.tag)}"`;
+}
+const escapeSfString = (value) => value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"");
+function formatComponentId(component) {
+	return encodeItem(new Item(component.value, component.params));
 }
 /**
 * Creates a signature base for a request according to RFC 9421.
@@ -90,30 +103,31 @@ function formatRfc9421SignatureParameters(params) {
 */
 function createRfc9421SignatureBase(request, components, parameters) {
 	const url = new URL(request.url);
-	const baseComponents = [];
-	for (const component of components) {
-		let value;
-		if (component === "@method") value = request.method.toUpperCase();
-		else if (component === "@target-uri") value = request.url;
-		else if (component === "@authority") value = url.host;
-		else if (component === "@scheme") value = url.protocol.slice(0, -1);
-		else if (component === "@request-target") value = `${request.method.toLowerCase()} ${url.pathname}${url.search}`;
-		else if (component === "@path") value = url.pathname;
-		else if (component === "@query") value = url.search.startsWith("?") ? url.search.slice(1) : url.search;
-		else if (component === "@query-param") throw new Error("@query-param requires a parameter name");
-		else if (component === "@status") throw new Error("@status is only valid for responses");
-		else if (component.startsWith("@")) throw new Error(`Unsupported derived component: ${component}`);
-		else {
-			const header = request.headers.get(component);
-			if (header == null) throw new Error(`Missing header: ${component}`);
-			value = header;
-		}
-		baseComponents.push(`"${component}": ${value}`);
-	}
-	const sigComponents = components.map((c) => `"${c}"`).join(" ");
-	baseComponents.push(`"@signature-params": (${sigComponents});${parameters}`);
-	return baseComponents.join("\n");
+	return components.map((component) => {
+		const id = formatComponentId(component);
+		const derived = derivedComponents[component.value]?.(request, url);
+		if (derived != null) return `${id}: ${derived}`;
+		if (component.value.startsWith("@")) throw new Error(`Unsupported derived component: ${component.value}`);
+		const header = request.headers.get(component.value);
+		if (header == null) throw new Error(`Missing header: ${component.value}`);
+		return `${id}: ${header}`;
+	}).concat([`"@signature-params": (${components.map((c) => formatComponentId(c)).join(" ")});${parameters}`]).join("\n");
 }
+const derivedComponents = {
+	"@method": (request) => request.method.toUpperCase(),
+	"@target-uri": (_, url) => url.href,
+	"@authority": (_, url) => url.host,
+	"@scheme": (_, url) => url.protocol.slice(0, -1),
+	"@request-target": (request, url) => `${request.method.toLowerCase()} ${url.pathname}${url.search}`,
+	"@path": (_, url) => url.pathname,
+	"@query": (_, { search }) => search.startsWith("?") ? search.slice(1) : search,
+	"@query-param": () => {
+		throw new Error("@query-param requires a parameter name");
+	},
+	"@status": () => {
+		throw new Error("@status is only valid for responses");
+	}
+};
 /**
 * Formats a signature using rfc9421 format.
 * @param signature The raw signature bytes.
@@ -121,9 +135,9 @@ function createRfc9421SignatureBase(request, components, parameters) {
 * @param parameters The signature parameters.
 * @returns The formatted signature string.
 */
-function formatRfc9421Signature(signature, components, parameters) {
-	const signatureInputValue = `sig1=("${components.join("\" \"")}");${parameters}`;
-	const signatureValue = `sig1=:${encodeBase64(signature)}:`;
+function formatRfc9421Signature(signature, components, parameters, label = "sig1") {
+	const signatureInputValue = `${label}=(${components.map((c) => formatComponentId(c)).join(" ")});${parameters}`;
+	const signatureValue = `${label}=:${encodeBase64(signature)}:`;
 	return [signatureInputValue, signatureValue];
 }
 /**
@@ -149,12 +163,17 @@ function parseRfc9421SignatureInput(signatureInput) {
 	const result = {};
 	for (const [label, item] of Object.entries(dict)) {
 		if (!Array.isArray(item.value) || typeof item.params.keyid !== "string" || typeof item.params.created !== "number") continue;
-		const components = item.value.map((subitem) => subitem.value).filter((v) => typeof v === "string");
+		const components = item.value.filter((subitem) => typeof subitem.value === "string").map((subitem) => ({
+			value: subitem.value,
+			params: subitem.params ?? {}
+		}));
 		const params = encodeItem(new Item(0, item.params));
 		result[label] = {
 			keyId: item.params.keyid,
 			alg: item.params.alg,
 			created: item.params.created,
+			nonce: typeof item.params.nonce === "string" ? item.params.nonce : void 0,
+			tag: typeof item.params.tag === "string" ? item.params.tag : void 0,
 			components,
 			parameters: params.slice(params.indexOf(";") + 1)
 		};
@@ -185,7 +204,7 @@ function parseRfc9421Signature(signature) {
 	for (const [key, value] of Object.entries(dict)) if (value.value instanceof Uint8Array) result[key] = value.value;
 	return result;
 }
-async function signRequestRfc9421(request, privateKey, keyId, span, currentTime, bodyBuffer) {
+async function signRequestRfc9421(request, privateKey, keyId, span, currentTime, bodyBuffer, rfc9421Options) {
 	if (privateKey.algorithm.name !== "RSASSA-PKCS1-v1_5") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
 	const url = new URL(request.url);
 	const body = bodyBuffer !== void 0 ? bodyBuffer : request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
@@ -199,18 +218,40 @@ async function signRequestRfc9421(request, privateKey, keyId, span, currentTime,
 	currentTime ??= Temporal.Now.instant();
 	const created = currentTime.epochMilliseconds / 1e3 | 0;
 	if (!headers.has("Date")) headers.set("Date", new Date(currentTime.toString()).toUTCString());
-	const components = [
-		"@method",
-		"@target-uri",
-		"@authority",
-		"host",
-		"date"
-	];
-	if (body != null) components.push("content-digest");
+	const label = rfc9421Options?.label ?? "sig1";
+	const components = [...rfc9421Options?.components ?? [
+		{
+			value: "@method",
+			params: {}
+		},
+		{
+			value: "@target-uri",
+			params: {}
+		},
+		{
+			value: "@authority",
+			params: {}
+		},
+		{
+			value: "host",
+			params: {}
+		},
+		{
+			value: "date",
+			params: {}
+		}
+	], ...body != null ? [{
+		value: "content-digest",
+		params: {}
+	}] : []];
+	const expires = rfc9421Options?.expires === true ? (currentTime.epochMilliseconds / 1e3 | 0) + 3600 : void 0;
 	const signatureParams = formatRfc9421SignatureParameters({
 		algorithm: "rsa-v1_5-sha256",
 		keyId,
-		created
+		created,
+		expires,
+		nonce: rfc9421Options?.nonce,
+		tag: rfc9421Options?.tag
 	});
 	let signatureBase;
 	try {
@@ -222,9 +263,11 @@ async function signRequestRfc9421(request, privateKey, keyId, span, currentTime,
 		throw new TypeError(`Failed to create signature base: ${String(error)}; it is probably a bug in the implementation.  Please report it at Fedify's issue tracker.`);
 	}
 	const signatureBytes = await crypto.subtle.sign("RSASSA-PKCS1-v1_5", privateKey, new TextEncoder().encode(signatureBase));
-	const [signatureInput, signature] = formatRfc9421Signature(signatureBytes, components, signatureParams);
-	headers.set("Signature-Input", signatureInput);
-	headers.set("Signature", signature);
+	const [signatureInput, signature] = formatRfc9421Signature(signatureBytes, components, signatureParams, label);
+	const existingInput = headers.get("Signature-Input");
+	headers.set("Signature-Input", existingInput != null ? `${existingInput}, ${signatureInput}` : signatureInput);
+	const existingSignature = headers.get("Signature");
+	headers.set("Signature", existingSignature != null ? `${existingSignature}, ${signature}` : signature);
 	if (span.isRecording()) {
 		span.setAttribute("http_signatures.algorithm", "rsa-v1_5-sha256");
 		span.setAttribute("http_signatures.signature", encodeHex(signatureBytes));
@@ -683,7 +726,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 				continue;
 			}
 		}
-		if (request.method !== "GET" && request.method !== "HEAD" && sigInput.components.includes("content-digest")) {
+		if (request.method !== "GET" && request.method !== "HEAD" && sigInput.components.some((c) => c.value === "content-digest")) {
 			const contentDigestHeader = request.headers.get("Content-Digest");
 			if (!contentDigestHeader) {
 				logger.debug("Failed to verify; Content-Digest header required but not found.", { components: sigInput.components });
@@ -753,7 +796,8 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 			const verified = await crypto.subtle.verify(algorithm, key.publicKey, sigBytes.slice(), signatureBaseBytes);
 			if (verified) return {
 				verified: true,
-				key
+				key,
+				signatureLabel: sigName
 			};
 			else if (cached) {
 				logger.debug("Failed to verify with cached key {keyId}; retrying with fresh key...", { keyId: sigInput.keyId });
@@ -842,12 +886,63 @@ async function doubleKnock(request, identity, options = {}) {
 			body
 		});
 	} else if (response.status === 400 || response.status === 401 || response.status > 401) {
-		const spec = firstTrySpec === "draft-cavage-http-signatures-12" ? "rfc9421" : "draft-cavage-http-signatures-12";
-		getLogger([
+		const logger = getLogger([
 			"fedify",
 			"sig",
 			"http"
-		]).debug("Failed to verify with the spec {spec} ({status} {statusText}); retrying with spec {secondSpec}... (double-knocking)", {
+		]);
+		const acceptSigHeader = response.headers.get("Accept-Signature");
+		if (acceptSigHeader != null) {
+			const entries = validateAcceptSignature(parseAcceptSignature(acceptSigHeader));
+			const localKeyId = identity.keyId.href;
+			const localAlg = "rsa-v1_5-sha256";
+			let fulfilled = false;
+			let challengeRequest;
+			for (const entry of entries) {
+				const rfc9421 = fulfillAcceptSignature(entry, localKeyId, localAlg);
+				if (rfc9421 == null) continue;
+				logger.debug("Received Accept-Signature challenge; accumulating label {label} and components {components}.", {
+					label: rfc9421.label,
+					components: rfc9421.components
+				});
+				try {
+					challengeRequest = await signRequest(challengeRequest ?? request, identity.privateKey, identity.keyId, {
+						spec: "rfc9421",
+						tracerProvider,
+						body,
+						rfc9421
+					});
+					fulfilled = true;
+				} catch (error) {
+					logger.debug("Failed to fulfill Accept-Signature challenge entry {label}: {error}", {
+						label: entry.label,
+						error
+					});
+				}
+			}
+			if (fulfilled && challengeRequest != null) {
+				signedRequest = challengeRequest;
+				log?.(signedRequest);
+				response = await fetch(signedRequest, {
+					redirect: "manual",
+					signal
+				});
+				if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
+					const location = response.headers.get("Location");
+					return doubleKnock(createRedirectRequest(request, location, body), identity, {
+						...options,
+						body
+					});
+				}
+			}
+			if (fulfilled && response.status < 300) {
+				await specDeterminer?.rememberSpec(origin, "rfc9421");
+				return response;
+			}
+			if (fulfilled && response.status !== 400 && response.status !== 401) return response;
+		}
+		const spec = firstTrySpec === "draft-cavage-http-signatures-12" ? "rfc9421" : "draft-cavage-http-signatures-12";
+		logger.debug("Failed to verify with the spec {spec} ({status} {statusText}); retrying with spec {secondSpec}... (double-knocking)", {
 			spec: firstTrySpec,
 			secondSpec: spec,
 			status: response.status,

package/dist/{http-DsqqmkXi.d.cts → http-BudnHZE2.d.cts}

@@ -151,6 +151,194 @@ interface KeyCache {
   set(keyId: URL, key: CryptographicKey | Multikey | null): Promise<void>;
 }
 //#endregion
+//#region src/sig/accept.d.ts
+/**
+* Signature metadata parameters that may appear in an
+* `Accept-Signature` member, as defined in
+* [RFC 9421 §5.1](https://www.rfc-editor.org/rfc/rfc9421#section-5.1).
+*
+* @since 2.1.0
+*/
+interface AcceptSignatureParameters {
+  /**
+  * If present, the signer is requested to use the indicated key
+  * material to create the target signature.
+  */
+  keyid?: string;
+  /**
+  * If present, the signer is requested to use the indicated algorithm
+  * from the HTTP Signature Algorithms registry.
+  */
+  alg?: string;
+  /**
+  * If `true`, the signer is requested to generate and include a
+  * creation timestamp.  This parameter has no associated value in the
+  * wire format.
+  */
+  created?: true;
+  /**
+  * If `true`, the signer is requested to generate and include an
+  * expiration timestamp.  This parameter has no associated value in
+  * the wire format.
+  */
+  expires?: true;
+  /**
+  * If present, the signer is requested to include this value as the
+  * signature nonce in the target signature.
+  */
+  nonce?: string;
+  /**
+  * If present, the signer is requested to include this value as the
+  * signature tag in the target signature.
+  */
+  tag?: string;
+}
+/**
+* A single covered component identifier from an `Accept-Signature` inner list,
+* as defined in [RFC 9421 §2.1](https://www.rfc-editor.org/rfc/rfc9421#section-2.1)
+* and [§5.1](https://www.rfc-editor.org/rfc/rfc9421#section-5.1).
+*
+* RFC 9421 §5.1 requires that the list of component identifiers includes
+* *all applicable component parameters*.  Parameters such as `;sf`, `;bs`,
+* `;req`, `;tr`, `;name`, and `;key` narrow the meaning of a component
+* identifier and MUST be preserved exactly as received so that the signer
+* can cover the same components the verifier requested.
+*
+* Examples:
+* - `{ value: "@method", params: {} }`
+* - `{ value: "content-type", params: { sf: true } }`
+* - `{ value: "@query-param", params: { name: "foo" } }`
+*
+* @since 2.1.0
+*/
+interface AcceptSignatureComponent {
+  /**
+  * The component identifier name (e.g., `"@method"`, `"content-digest"`,
+  * `"@query-param"`).
+  */
+  value: string;
+  /**
+  * Component parameters attached to this identifier (e.g., `{ sf: true }`,
+  * `{ name: "foo" }`).  An empty object means no parameters were present.
+  * Parameters MUST NOT be dropped; doing so would cause the signer to cover
+  * a different component than the verifier requested.
+  */
+  params: Record<string, unknown>;
+}
+/**
+* Represents a single member of the `Accept-Signature` Dictionary
+* Structured Field, as defined in
+* [RFC 9421 §5.1](https://www.rfc-editor.org/rfc/rfc9421#section-5.1).
+*
+* @since 2.1.0
+*/
+interface AcceptSignatureMember {
+  /**
+  * The label that uniquely identifies the requested message signature
+  * within the context of the target HTTP message (e.g., `"sig1"`).
+  */
+  label: string;
+  /**
+  * The exact list of covered component identifiers requested for the target
+  * signature, including all applicable component parameters, as required by
+  * [RFC 9421 §5.1](https://www.rfc-editor.org/rfc/rfc9421#section-5.1).
+  *
+  * Each element is an {@link AcceptSignatureComponent} that preserves
+  * both the identifier name and any parameters (e.g., `;sf`, `;name="foo"`).
+  * The signer MUST cover exactly these components—with their parameters—when
+  * fulfilling the challenge.
+  */
+  components: AcceptSignatureComponent[];
+  /**
+  * Optional signature metadata parameters requested by the verifier.
+  */
+  parameters: AcceptSignatureParameters;
+}
+/**
+* Parses an `Accept-Signature` header value (RFC 9421 §5.1) into an
+* array of {@link AcceptSignatureMember} objects.
+*
+* The `Accept-Signature` field is a Dictionary Structured Field
+* (RFC 8941 §3.2).  Each dictionary member describes a single
+* requested message signature.
+*
+* On parse failure (malformed or empty header), returns an empty array.
+*
+* @param header The raw `Accept-Signature` header value string.
+* @returns An array of parsed members.  Empty if the header is
+*          malformed or empty.
+* @since 2.1.0
+*/
+declare function parseAcceptSignature(header: string): AcceptSignatureMember[];
+/**
+* Serializes an array of {@link AcceptSignatureMember} objects into an
+* `Accept-Signature` header value string (RFC 9421 §5.1).
+*
+* The output is a Dictionary Structured Field (RFC 8941 §3.2).
+*
+* @param members The members to serialize.
+* @returns The serialized header value string.
+* @since 2.1.0
+*/
+declare function formatAcceptSignature(members: AcceptSignatureMember[]): string;
+/**
+* Filters out {@link AcceptSignatureMember} entries whose covered
+* components include response-only identifiers (`@status`) that are
+* not applicable to request-target messages, as required by
+* [RFC 9421 §5](https://www.rfc-editor.org/rfc/rfc9421#section-5).
+*
+* A warning is logged for each discarded entry.
+*
+* @param members The parsed `Accept-Signature` entries to validate.
+* @returns Only entries that are valid for request-target messages.
+* @since 2.1.0
+*/
+declare function validateAcceptSignature(members: AcceptSignatureMember[]): AcceptSignatureMember[];
+/**
+* The result of {@link fulfillAcceptSignature}.  This can be used directly
+* as the `rfc9421` option of {@link SignRequestOptions}.
+* @since 2.1.0
+*/
+interface FulfillAcceptSignatureResult {
+  /** The label for the signature. */
+  label: string;
+  /**
+  * The merged set of covered component identifiers, including all component
+  * parameters, ready to be passed to the signer.
+  */
+  components: AcceptSignatureComponent[];
+  /** The nonce requested by the challenge, if any. */
+  nonce?: string;
+  /** The tag requested by the challenge, if any. */
+  tag?: string;
+  /**
+  * If `true`, the challenger requested that the signer generate and include
+  * an expiration timestamp in the signature parameters.
+  */
+  expires?: true;
+}
+/**
+* Attempts to translate an {@link AcceptSignatureMember} challenge into
+* RFC 9421 signing options that the local signer can fulfill.
+*
+* Returns `null` if the challenge cannot be fulfilled—for example, if
+* the requested `alg` or `keyid` is incompatible with the local key.
+*
+* Safety constraints:
+* - `alg`: only honored if it matches `localAlg`.
+* - `keyid`: only honored if it matches `localKeyId`.
+* - `components`: passed through exactly as requested, per RFC 9421 §5.2.
+* - `nonce`, `tag`, and `expires` are passed through directly.
+*
+* @param entry The challenge entry from the `Accept-Signature` header.
+* @param localKeyId The local key identifier (e.g., the actor key URL).
+* @param localAlg The algorithm of the local private key
+*                 (e.g., `"rsa-v1_5-sha256"`).
+* @returns Signing options if the challenge can be fulfilled, or `null`.
+* @since 2.1.0
+*/
+declare function fulfillAcceptSignature(entry: AcceptSignatureMember, localKeyId: string, localAlg: string): FulfillAcceptSignatureResult | null;
+//#endregion
 //#region src/sig/http.d.ts
 /**
 * The standard to use for signing and verifying HTTP signatures.
@@ -184,6 +372,45 @@ interface SignRequestOptions {
   * is used.
   */
   tracerProvider?: TracerProvider;
+  /**
+  * Options specific to the RFC 9421 signing path.  These options are
+  * ignored when `spec` is `"draft-cavage-http-signatures-12"`.
+  * @since 2.1.0
+  */
+  rfc9421?: Rfc9421SignRequestOptions;
+}
+/**
+* Options for customizing the RFC 9421 signature label, covered components,
+* and metadata parameters.  These are typically derived from an
+* `Accept-Signature` challenge.
+* @since 2.1.0
+*/
+interface Rfc9421SignRequestOptions {
+  /**
+  * The label for the signature in `Signature-Input` and `Signature` headers.
+  * @default `"sig1"`
+  */
+  label?: string;
+  /**
+  * The covered component identifiers.  When omitted, the default set
+  * `["@method", "@target-uri", "@authority", "host", "date"]`
+  * (plus `"content-digest"` when a body is present) is used.
+  */
+  components?: AcceptSignatureComponent[];
+  /**
+  * A nonce value to include in the signature parameters.
+  */
+  nonce?: string;
+  /**
+  * A tag value to include in the signature parameters.
+  */
+  tag?: string;
+  /**
+  * If `true`, an expiration timestamp is generated and included in the
+  * signature parameters.  The expiration time defaults to one hour after
+  * the signature creation time.
+  */
+  expires?: true;
 }
 /**
 * Signs a request using the given private key.
@@ -259,6 +486,7 @@ type VerifyRequestFailureReason = {
 type VerifyRequestDetailedResult = {
   readonly verified: true;
   readonly key: CryptographicKey;
+  readonly signatureLabel?: string;
 } | {
   readonly verified: false;
   readonly reason: VerifyRequestFailureReason;
@@ -313,4 +541,4 @@ interface HttpMessageSignaturesSpecDeterminer {
 * @since 1.6.0
 */
 //#endregion
-export { FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, SignRequestOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, exportJwk, fetchKey, fetchKeyDetailed, generateCryptoKeyPair, importJwk, signRequest, verifyRequest, verifyRequestDetailed };
+export { AcceptSignatureMember, AcceptSignatureParameters, FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, FulfillAcceptSignatureResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, Rfc9421SignRequestOptions, SignRequestOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, exportJwk, fetchKey, fetchKeyDetailed, formatAcceptSignature, fulfillAcceptSignature, generateCryptoKeyPair, importJwk, parseAcceptSignature, signRequest, validateAcceptSignature, verifyRequest, verifyRequestDetailed };