@fedify/fedify 2.2.0-dev.613 → 2.2.0-dev.622

package/dist/{http-CKaqhjvP.js → http-CNsnyqrO.mjs}

@@ -1,20 +1,17 @@
-
-      import { Temporal } from "@js-temporal/polyfill";
-      import { URLPattern } from "urlpattern-polyfill";
-      globalThis.addEventListener = () => {};
-    
-import { deno_default } from "./deno-CnMqla6T.js";
-import { fulfillAcceptSignature, parseAcceptSignature, validateAcceptSignature } from "./accept-D7sAxyNa.js";
-import { fetchKeyDetailed, validateCryptoKey } from "./key-DFLFXKER.js";
+import { Temporal } from "@js-temporal/polyfill";
+import "urlpattern-polyfill";
+globalThis.addEventListener = () => {};
+import { n as version, t as name } from "./deno-D682wzlW.mjs";
+import { i as validateAcceptSignature, n as fulfillAcceptSignature, r as parseAcceptSignature } from "./accept-Dd__NiUL.mjs";
+import { o as validateCryptoKey, r as fetchKeyDetailed } from "./key-vL60OvqM.mjs";
 import { CryptographicKey } from "@fedify/vocab";
+import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { FetchError } from "@fedify/vocab-runtime";
 import { getLogger } from "@logtape/logtape";
-import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
 import { encodeHex } from "byte-encodings/hex";
 import { Item, decodeDict, encodeItem } from "structured-field-values";
-
 //#region src/sig/http.ts
 const DEFAULT_MAX_REDIRECTION = 20;
 /**
@@ -28,9 +25,7 @@ const DEFAULT_MAX_REDIRECTION = 20;
 */
 async function signRequest(request, privateKey, keyId, options = {}) {
 	validateCryptoKey(privateKey, "private");
-	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
-	return await tracer.startActiveSpan("http_signatures.sign", async (span) => {
+	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("http_signatures.sign", async (span) => {
 		try {
 			const spec = options.spec ?? "draft-cavage-http-signatures-12";
 			let signed;
@@ -138,9 +133,7 @@ const derivedComponents = {
 * @returns The formatted signature string.
 */
 function formatRfc9421Signature(signature, components, parameters, label = "sig1") {
-	const signatureInputValue = `${label}=(${components.map((c) => formatComponentId(c)).join(" ")});${parameters}`;
-	const signatureValue = `${label}=:${encodeBase64(signature)}:`;
-	return [signatureInputValue, signatureValue];
+	return [`${label}=(${components.map((c) => formatComponentId(c)).join(" ")});${parameters}`, `${label}=:${encodeBase64(signature)}:`];
 }
 /**
 * Parse RFC 9421 Signature-Input header.
@@ -246,12 +239,11 @@ async function signRequestRfc9421(request, privateKey, keyId, span, currentTime,
 		value: "content-digest",
 		params: {}
 	}] : []];
-	const expires = rfc9421Options?.expires === true ? (currentTime.epochMilliseconds / 1e3 | 0) + 3600 : void 0;
 	const signatureParams = formatRfc9421SignatureParameters({
 		algorithm: "rsa-v1_5-sha256",
 		keyId,
 		created,
-		expires,
+		expires: rfc9421Options?.expires === true ? (currentTime.epochMilliseconds / 1e3 | 0) + 3600 : void 0,
 		nonce: rfc9421Options?.nonce,
 		tag: rfc9421Options?.tag
 	});
@@ -361,9 +353,7 @@ async function verifyRequest(request, options = {}) {
 * @since 2.1.0
 */
 async function verifyRequestDetailed(request, options = {}) {
-	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
-	return await tracer.startActiveSpan("http_signatures.verify", async (span) => {
+	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("http_signatures.verify", async (span) => {
 		if (span.isRecording()) {
 			span.setAttribute(ATTR_HTTP_REQUEST_METHOD, request.method);
 			span.setAttribute(ATTR_URL_FULL, request.url);
@@ -558,8 +548,7 @@ async function verifyRequestDraft(request, span, { documentLoader, contextLoader
 	const message = headerNames.map((name) => `${name}: ` + (name === "(request-target)" ? `${request.method.toLowerCase()} ${new URL(request.url).pathname}` : name === "(created)" ? sigValues.created ?? "" : name === "(expires)" ? sigValues.expires ?? "" : name === "host" ? request.headers.get("host") ?? new URL(request.url).host : request.headers.get(name))).join("\n");
 	const sig = decodeBase64(signature);
 	span?.setAttribute("http_signatures.signature", encodeHex(sig));
-	const verified = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, sig, new TextEncoder().encode(message));
-	if (!verified) {
+	if (!await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, sig, new TextEncoder().encode(message))) {
 		if (cached) {
 			logger.debug("Failed to verify with the cached key {keyId}; signature {signature} is invalid.  Retrying with the freshly fetched key...", {
 				keyId,
@@ -573,7 +562,7 @@ async function verifyRequestDraft(request, span, { documentLoader, contextLoader
 				currentTime,
 				keyCache: {
 					get: () => Promise.resolve(void 0),
-					set: async (keyId$1, key$1) => await keyCache?.set(keyId$1, key$1)
+					set: async (keyId, key) => await keyCache?.set(keyId, key)
 				}
 			});
 		}
@@ -735,9 +724,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 				failure = invalidSignatureResult(keyId);
 				continue;
 			}
-			const body = await request.arrayBuffer();
-			const digestValid = await verifyRfc9421ContentDigest(contentDigestHeader, body);
-			if (!digestValid) {
+			if (!await verifyRfc9421ContentDigest(contentDigestHeader, await request.arrayBuffer())) {
 				logger.debug("Failed to verify; Content-Digest verification failed.", { contentDigest: contentDigestHeader });
 				failure = invalidSignatureResult(keyId);
 				continue;
@@ -795,8 +782,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 		const signatureBaseBytes = new TextEncoder().encode(signatureBase);
 		span?.setAttribute("http_signatures.signature", encodeHex(sigBytes));
 		try {
-			const verified = await crypto.subtle.verify(algorithm, key.publicKey, sigBytes.slice(), signatureBaseBytes);
-			if (verified) return {
+			if (await crypto.subtle.verify(algorithm, key.publicKey, sigBytes.slice(), signatureBaseBytes)) return {
 				verified: true,
 				key,
 				signatureLabel: sigName
@@ -810,7 +796,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 					currentTime,
 					keyCache: {
 						get: () => Promise.resolve(void 0),
-						set: async (keyId$1, key$1) => await keyCache?.set(keyId$1, key$1)
+						set: async (keyId, key) => await keyCache?.set(keyId, key)
 					},
 					spec: "rfc9421"
 				});
@@ -888,8 +874,7 @@ async function doubleKnockInternal(request, identity, options, redirected = 0, v
 	});
 	if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
 		if (redirected >= maximumRedirection) throw new FetchError(request.url, `Too many redirections (${redirected + 1})`);
-		const location = response.headers.get("Location");
-		const redirectRequest = createRedirectRequest(request, location, body);
+		const redirectRequest = createRedirectRequest(request, response.headers.get("Location"), body);
 		if (visited.has(redirectRequest.url)) throw new FetchError(request.url, `Redirect loop detected: ${redirectRequest.url}`);
 		return doubleKnockInternal(redirectRequest, identity, {
 			...options,
@@ -937,13 +922,10 @@ async function doubleKnockInternal(request, identity, options, redirected = 0, v
 					redirect: "manual",
 					signal
 				});
-				if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
-					const location = response.headers.get("Location");
-					return doubleKnock(createRedirectRequest(request, location, body), identity, {
-						...options,
-						body
-					});
-				}
+				if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) return doubleKnock(createRedirectRequest(request, response.headers.get("Location"), body), identity, {
+					...options,
+					body
+				});
 			}
 			if (fulfilled && response.status < 300) {
 				await specDeterminer?.rememberSpec(origin, "rfc9421");
@@ -970,8 +952,7 @@ async function doubleKnockInternal(request, identity, options, redirected = 0, v
 		});
 		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
 			if (redirected >= maximumRedirection) throw new FetchError(request.url, `Too many redirections (${redirected + 1})`);
-			const location = response.headers.get("Location");
-			const redirectRequest = createRedirectRequest(request, location, body);
+			const redirectRequest = createRedirectRequest(request, response.headers.get("Location"), body);
 			if (visited.has(redirectRequest.url)) throw new FetchError(request.url, `Redirect loop detected: ${redirectRequest.url}`);
 			return doubleKnockInternal(redirectRequest, identity, {
 				...options,
@@ -1008,6 +989,5 @@ function timingSafeEqual(a, b) {
 	result |= lenA ^ lenB;
 	return result === 0;
 }
-
 //#endregion
-export { createRfc9421SignatureBase, doubleKnock, formatRfc9421Signature, formatRfc9421SignatureParameters, parseRfc9421Signature, parseRfc9421SignatureInput, signRequest, timingSafeEqual, verifyRequest, verifyRequestDetailed };
+export { parseRfc9421Signature as a, timingSafeEqual as c, formatRfc9421SignatureParameters as i, verifyRequest as l, doubleKnock as n, parseRfc9421SignatureInput as o, formatRfc9421Signature as r, signRequest as s, createRfc9421SignatureBase as t, verifyRequestDetailed as u };

package/dist/{http-BudnHZE2.d.cts → http-CrGuipxe.d.cts}

@@ -3,7 +3,6 @@ import { DocumentLoader } from "@fedify/vocab-runtime";
 import { TracerProvider } from "@opentelemetry/api";
 
 //#region src/sig/key.d.ts
-
 /**
 * Generates a key pair which is appropriate for Fedify.
 * @param algorithm The algorithm to use.  Currently only RSASSA-PKCS1-v1_5 and
@@ -536,9 +535,5 @@ interface HttpMessageSignaturesSpecDeterminer {
   */
   rememberSpec(origin: string, spec: HttpMessageSignaturesSpec): void | Promise<void>;
 }
-/**
-* The options for double-knock requests.
-* @since 1.6.0
-*/
 //#endregion
-export { AcceptSignatureMember, AcceptSignatureParameters, FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, FulfillAcceptSignatureResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, Rfc9421SignRequestOptions, SignRequestOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, exportJwk, fetchKey, fetchKeyDetailed, formatAcceptSignature, fulfillAcceptSignature, generateCryptoKeyPair, importJwk, parseAcceptSignature, signRequest, validateAcceptSignature, verifyRequest, verifyRequestDetailed };
+export { exportJwk as C, importJwk as D, generateCryptoKeyPair as E, KeyCache as S, fetchKeyDetailed as T, validateAcceptSignature as _, VerifyRequestDetailedResult as a, FetchKeyOptions as b, signRequest as c, AcceptSignatureMember as d, AcceptSignatureParameters as f, parseAcceptSignature as g, fulfillAcceptSignature as h, SignRequestOptions as i, verifyRequest as l, formatAcceptSignature as m, HttpMessageSignaturesSpecDeterminer as n, VerifyRequestFailureReason as o, FulfillAcceptSignatureResult as p, Rfc9421SignRequestOptions as r, VerifyRequestOptions as s, HttpMessageSignaturesSpec as t, verifyRequestDetailed as u, FetchKeyDetailedResult as v, fetchKey as w, FetchKeyResult as x, FetchKeyErrorResult as y };

package/dist/{http-IFqEftoZ.js → http-DhwEMhtv.js}

@@ -1,7 +1,5 @@
-
-          import { Temporal } from "@js-temporal/polyfill";
-          import { URLPattern } from "urlpattern-polyfill";
-        
+import { Temporal } from "@js-temporal/polyfill";
+import "urlpattern-polyfill";
 import { getLogger } from "@logtape/logtape";
 import { CryptographicKey, Object as Object$1, isActor } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
@@ -10,124 +8,18 @@ import { Item, decodeDict, encodeDict, encodeItem } from "structured-field-value
 import { FetchError, getDocumentLoader } from "@fedify/vocab-runtime";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
-
 //#region deno.json
 var name = "@fedify/fedify";
-var version = "2.2.0-dev.613+cf8cd122";
-var license = "MIT";
-var exports = {
-	".": "./src/mod.ts",
-	"./compat": "./src/compat/mod.ts",
-	"./federation": "./src/federation/mod.ts",
-	"./nodeinfo": "./src/nodeinfo/mod.ts",
-	"./otel": "./src/otel/mod.ts",
-	"./runtime": "./src/runtime/mod.ts",
-	"./sig": "./src/sig/mod.ts",
-	"./utils": "./src/utils/mod.ts",
-	"./vocab": "./src/vocab/mod.ts"
-};
-var imports = {
-	"@multiformats/base-x": "npm:@multiformats/base-x@^4.0.1",
-	"@std/assert": "jsr:@std/assert@^0.226.0",
-	"@std/url": "jsr:@std/url@^0.225.1",
-	"asn1js": "npm:asn1js@^3.0.7",
-	"fast-check": "npm:fast-check@^3.22.0",
-	"fetch-mock": "npm:fetch-mock@^12.5.2",
-	"json-canon": "npm:json-canon@^1.0.1",
-	"jsonld": "npm:jsonld@^9.0.0",
-	"pkijs": "npm:pkijs@^3.3.3",
-	"structured-field-values": "npm:structured-field-values@^2.0.4",
-	"uri-template-router": "npm:uri-template-router@^1.0.0",
-	"url-template": "npm:url-template@^3.1.1"
-};
-var exclude = [
-	".test-report.xml",
-	"apidoc/",
-	"dist/",
-	"node_modules/",
-	"npm/",
-	"pnpm-lock.yaml",
-	"src/cfworkers/dist/",
-	"src/cfworkers/fixtures/",
-	"src/cfworkers/imports.ts",
-	"src/cfworkers/README.md",
-	"src/cfworkers/server.ts",
-	"src/cfworkers/server.js",
-	"src/cfworkers/server.js.map"
-];
-var publish = { "exclude": [
-	"**/*.test.ts",
-	"src/testing/",
-	"tsdown.config.ts",
-	"scripts/",
-	"wrangler.toml"
-] };
-var tasks = {
-	"codegen": "deno task -f @fedify/vocab compile",
-	"cache": {
-		"command": "deno cache src/mod.ts",
-		"dependencies": ["codegen"]
-	},
-	"check": {
-		"command": "deno fmt --check && deno lint && deno check src/**/*.ts",
-		"dependencies": ["codegen"]
-	},
-	"test": {
-		"command": "deno test --check --doc --allow-read --allow-write --allow-env --unstable-kv --trace-leaks --parallel",
-		"dependencies": ["codegen"]
-	},
-	"coverage": "deno task test --clean --coverage && deno coverage --html coverage",
-	"bench": {
-		"command": "deno bench --allow-read --allow-write --allow-net --allow-env --allow-run --unstable-kv",
-		"dependencies": ["codegen"]
-	},
-	"apidoc": {
-		"command": "deno doc --html --name=Fedify --output=apidoc/ src/mod.ts",
-		"dependencies": ["codegen"]
-	},
-	"publish": {
-		"command": "deno publish",
-		"dependencies": ["codegen"]
-	},
-	"pnpm:install": "pnpm install --silent",
-	"pnpm:build": {
-		"command": "pnpm exec tsdown",
-		"dependencies": ["pnpm:build-vocab"]
-	},
-	"test:node": {
-		"command": "cd dist/ && node --test",
-		"dependencies": ["pnpm:build"]
-	},
-	"test:bun": {
-		"command": "cd dist/ && bun test --timeout 60000",
-		"dependencies": ["pnpm:build"]
-	},
-	"test:cfworkers": {
-		"command": "pnpm exec wrangler deploy --dry-run --outdir src/cfworkers && node --import=tsx src/cfworkers/client.ts",
-		"dependencies": ["pnpm:build"]
-	},
-	"test-all": { "dependencies": [
-		"check",
-		"test",
-		"test:node",
-		"test:bun",
-		"test:cfworkers"
-	] }
-};
-var deno_default = {
-	name,
-	version,
-	license,
-	exports,
-	imports,
-	exclude,
-	publish,
-	tasks
-};
-
+var version = "2.2.0-dev.622+e54cb037";
 //#endregion
 //#region src/sig/accept.ts
 /**
+* `Accept-Signature` header parsing, serialization, and validation utilities
+* for RFC 9421 §5 challenge-response negotiation.
+*
+* @module
+*/
+/**
 * Parses an `Accept-Signature` header value (RFC 9421 §5.1) into an
 * array of {@link AcceptSignatureMember} objects.
 *
@@ -258,7 +150,6 @@ function fulfillAcceptSignature(entry, localKeyId, localAlg) {
 		expires: entry.parameters.expires
 	};
 }
-
 //#endregion
 //#region src/sig/key.ts
 /**
@@ -274,8 +165,7 @@ function validateCryptoKey(key, type) {
 	if (!key.extractable) throw new TypeError("The key is not extractable.");
 	if (key.algorithm.name !== "RSASSA-PKCS1-v1_5" && key.algorithm.name !== "Ed25519") throw new TypeError("Currently only RSASSA-PKCS1-v1_5 and Ed25519 keys are supported.  More algorithms will be added in the future!");
 	if (key.algorithm.name === "RSASSA-PKCS1-v1_5") {
-		const algorithm = key.algorithm;
-		if (algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
+		if (key.algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
 	}
 }
 /**
@@ -342,8 +232,7 @@ async function importJwk(jwk, type) {
 }
 async function withFetchKeySpan(keyId, tracerProvider, fetcher) {
 	tracerProvider ??= trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
-	return await tracer.startActiveSpan("activitypub.fetch_key", {
+	return await tracerProvider.getTracer(name, version).startActiveSpan("activitypub.fetch_key", {
 		kind: SpanKind.CLIENT,
 		attributes: {
 			"http.method": "GET",
@@ -404,41 +293,41 @@ function fetchKey(keyId, cls, options = {}) {
 async function fetchKeyDetailed(keyId, cls, options = {}) {
 	const cacheKey = typeof keyId === "string" ? new URL(keyId) : keyId;
 	return await withFetchKeySpan(cacheKey, options.tracerProvider, async () => {
-		return await fetchKeyWithResult(cacheKey, cls, options, async (cacheKey$1, keyId$1, keyCache, logger) => {
-			const fetchError = await keyCache?.getFetchError?.(cacheKey$1);
+		return await fetchKeyWithResult(cacheKey, cls, options, async (cacheKey, keyId, keyCache, logger) => {
+			const fetchError = await keyCache?.getFetchError?.(cacheKey);
 			if (fetchError != null) {
-				logger.debug("Entry {keyId} found in cache with preserved fetch failure details.", { keyId: keyId$1 });
+				logger.debug("Entry {keyId} found in cache with preserved fetch failure details.", { keyId });
 				return {
 					key: null,
 					cached: true,
 					fetchError
 				};
 			}
-			logger.debug("Entry {keyId} found in cache, but no fetch failure details are available.", { keyId: keyId$1 });
+			logger.debug("Entry {keyId} found in cache, but no fetch failure details are available.", { keyId });
 			return {
 				key: null,
 				cached: true
 			};
-		}, async (error, cacheKey$1, keyId$1, keyCache, logger) => {
+		}, async (error, cacheKey, keyId, keyCache, logger) => {
 			logger.debug("Failed to fetch key {keyId}.", {
-				keyId: keyId$1,
+				keyId,
 				error
 			});
-			await keyCache?.set(cacheKey$1, null);
+			await keyCache?.set(cacheKey, null);
 			if (error instanceof FetchError && error.response != null) {
-				const fetchError$1 = {
+				const fetchError = {
 					status: error.response.status,
 					response: error.response.clone()
 				};
-				await keyCache?.setFetchError?.(cacheKey$1, fetchError$1);
+				await keyCache?.setFetchError?.(cacheKey, fetchError);
 				return {
 					key: null,
 					cached: false,
-					fetchError: fetchError$1
+					fetchError
 				};
 			}
 			const fetchError = { error: error instanceof Error ? error : new Error(String(error)) };
-			await keyCache?.setFetchError?.(cacheKey$1, fetchError);
+			await keyCache?.setFetchError?.(cacheKey, fetchError);
 			return {
 				key: null,
 				cached: false,
@@ -484,8 +373,8 @@ async function resolveFetchedKey(document, cacheKey, keyId, cls, { documentLoade
 				contextLoader,
 				tracerProvider
 			});
-		} catch (e$1) {
-			if (e$1 instanceof TypeError) {
+		} catch (e) {
+			if (e instanceof TypeError) {
 				logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
 				await keyCache?.set(cacheKey, null);
 				await clearFetchErrorMetadata(cacheKey, keyCache);
@@ -494,7 +383,7 @@ async function resolveFetchedKey(document, cacheKey, keyId, cls, { documentLoade
 					cached: false
 				};
 			}
-			throw e$1;
+			throw e;
 		}
 	}
 	let key = null;
@@ -575,38 +464,35 @@ async function fetchKeyWithResult(cacheKey, cls, options, onCachedUnavailable, o
 	logger.debug("Fetching key {keyId} to verify signature...", { keyId });
 	let document;
 	try {
-		const remoteDocument = await (options.documentLoader ?? getDocumentLoader())(keyId);
-		document = remoteDocument.document;
+		document = (await (options.documentLoader ?? getDocumentLoader())(keyId)).document;
 	} catch (error) {
 		return await onFetchError(error, cacheKey, keyId, keyCache, logger);
 	}
 	return await resolveFetchedKey(document, cacheKey, keyId, cls, options, logger);
 }
 async function fetchKeyInternal(keyId, cls, options = {}) {
-	const cacheKey = typeof keyId === "string" ? new URL(keyId) : keyId;
-	return await fetchKeyWithResult(cacheKey, cls, options, (_cacheKey, _keyId, _keyCache, _logger) => {
+	return await fetchKeyWithResult(typeof keyId === "string" ? new URL(keyId) : keyId, cls, options, (_cacheKey, _keyId, _keyCache, _logger) => {
 		return {
 			key: null,
 			cached: true
 		};
-	}, async (error, cacheKey$1, keyId$1, keyCache, logger) => {
+	}, async (error, cacheKey, keyId, keyCache, logger) => {
 		logger.debug("Failed to fetch key {keyId}.", {
-			keyId: keyId$1,
+			keyId,
 			error
 		});
-		await keyCache?.set(cacheKey$1, null);
-		if (error instanceof FetchError && error.response != null) await keyCache?.setFetchError?.(cacheKey$1, {
+		await keyCache?.set(cacheKey, null);
+		if (error instanceof FetchError && error.response != null) await keyCache?.setFetchError?.(cacheKey, {
 			status: error.response.status,
 			response: error.response.clone()
 		});
-		else await keyCache?.setFetchError?.(cacheKey$1, { error: error instanceof Error ? error : new Error(String(error)) });
+		else await keyCache?.setFetchError?.(cacheKey, { error: error instanceof Error ? error : new Error(String(error)) });
 		return {
 			key: null,
 			cached: false
 		};
 	});
 }
-
 //#endregion
 //#region src/sig/http.ts
 const DEFAULT_MAX_REDIRECTION = 20;
@@ -621,9 +507,7 @@ const DEFAULT_MAX_REDIRECTION = 20;
 */
 async function signRequest(request, privateKey, keyId, options = {}) {
 	validateCryptoKey(privateKey, "private");
-	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
-	return await tracer.startActiveSpan("http_signatures.sign", async (span) => {
+	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("http_signatures.sign", async (span) => {
 		try {
 			const spec = options.spec ?? "draft-cavage-http-signatures-12";
 			let signed;
@@ -632,7 +516,7 @@ async function signRequest(request, privateKey, keyId, options = {}) {
 			if (span.isRecording()) {
 				span.setAttribute(ATTR_HTTP_REQUEST_METHOD, signed.method);
 				span.setAttribute(ATTR_URL_FULL, signed.url);
-				for (const [name$1, value] of signed.headers) span.setAttribute(ATTR_HTTP_REQUEST_HEADER(name$1), value);
+				for (const [name, value] of signed.headers) span.setAttribute(ATTR_HTTP_REQUEST_HEADER(name), value);
 				span.setAttribute("http_signatures.key_id", keyId.href);
 			}
 			return signed;
@@ -660,8 +544,8 @@ async function signRequestDraft(request, privateKey, keyId, span, currentTime, b
 	}
 	if (!headers.has("Date")) headers.set("Date", currentTime == null ? (/* @__PURE__ */ new Date()).toUTCString() : new Date(currentTime.toString()).toUTCString());
 	const serialized = [["(request-target)", `${request.method.toLowerCase()} ${url.pathname}`], ...headers];
-	const headerNames = serialized.map(([name$1]) => name$1);
-	const message = serialized.map(([name$1, value]) => `${name$1}: ${value.trim()}`).join("\n");
+	const headerNames = serialized.map(([name]) => name);
+	const message = serialized.map(([name, value]) => `${name}: ${value.trim()}`).join("\n");
 	const signature = await crypto.subtle.sign("RSASSA-PKCS1-v1_5", privateKey, new TextEncoder().encode(message));
 	const sigHeader = `keyId="${keyId.href}",algorithm="rsa-sha256",headers="${headerNames.join(" ")}",signature="${encodeBase64(signature)}"`;
 	headers.set("Signature", sigHeader);
@@ -731,9 +615,7 @@ const derivedComponents = {
 * @returns The formatted signature string.
 */
 function formatRfc9421Signature(signature, components, parameters, label = "sig1") {
-	const signatureInputValue = `${label}=(${components.map((c) => formatComponentId(c)).join(" ")});${parameters}`;
-	const signatureValue = `${label}=:${encodeBase64(signature)}:`;
-	return [signatureInputValue, signatureValue];
+	return [`${label}=(${components.map((c) => formatComponentId(c)).join(" ")});${parameters}`, `${label}=:${encodeBase64(signature)}:`];
 }
 /**
 * Parse RFC 9421 Signature-Input header.
@@ -839,12 +721,11 @@ async function signRequestRfc9421(request, privateKey, keyId, span, currentTime,
 		value: "content-digest",
 		params: {}
 	}] : []];
-	const expires = rfc9421Options?.expires === true ? (currentTime.epochMilliseconds / 1e3 | 0) + 3600 : void 0;
 	const signatureParams = formatRfc9421SignatureParameters({
 		algorithm: "rsa-v1_5-sha256",
 		keyId,
 		created,
-		expires,
+		expires: rfc9421Options?.expires === true ? (currentTime.epochMilliseconds / 1e3 | 0) + 3600 : void 0,
 		nonce: rfc9421Options?.nonce,
 		tag: rfc9421Options?.tag
 	});
@@ -954,13 +835,11 @@ async function verifyRequest(request, options = {}) {
 * @since 2.1.0
 */
 async function verifyRequestDetailed(request, options = {}) {
-	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
-	return await tracer.startActiveSpan("http_signatures.verify", async (span) => {
+	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("http_signatures.verify", async (span) => {
 		if (span.isRecording()) {
 			span.setAttribute(ATTR_HTTP_REQUEST_METHOD, request.method);
 			span.setAttribute(ATTR_URL_FULL, request.url);
-			for (const [name$1, value] of request.headers) span.setAttribute(ATTR_HTTP_REQUEST_HEADER(name$1), value);
+			for (const [name, value] of request.headers) span.setAttribute(ATTR_HTTP_REQUEST_HEADER(name), value);
 		}
 		try {
 			let spec = options.spec;
@@ -1148,11 +1027,10 @@ async function verifyRequestDraft(request, span, { documentLoader, contextLoader
 		logger.debug("Failed to verify; required headers missing in the Signature header: {headers}.", { headers });
 		return invalidSignatureResult(keyIdUrl);
 	}
-	const message = headerNames.map((name$1) => `${name$1}: ` + (name$1 === "(request-target)" ? `${request.method.toLowerCase()} ${new URL(request.url).pathname}` : name$1 === "(created)" ? sigValues.created ?? "" : name$1 === "(expires)" ? sigValues.expires ?? "" : name$1 === "host" ? request.headers.get("host") ?? new URL(request.url).host : request.headers.get(name$1))).join("\n");
+	const message = headerNames.map((name) => `${name}: ` + (name === "(request-target)" ? `${request.method.toLowerCase()} ${new URL(request.url).pathname}` : name === "(created)" ? sigValues.created ?? "" : name === "(expires)" ? sigValues.expires ?? "" : name === "host" ? request.headers.get("host") ?? new URL(request.url).host : request.headers.get(name))).join("\n");
 	const sig = decodeBase64(signature);
 	span?.setAttribute("http_signatures.signature", encodeHex(sig));
-	const verified = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, sig, new TextEncoder().encode(message));
-	if (!verified) {
+	if (!await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, sig, new TextEncoder().encode(message))) {
 		if (cached) {
 			logger.debug("Failed to verify with the cached key {keyId}; signature {signature} is invalid.  Retrying with the freshly fetched key...", {
 				keyId,
@@ -1166,7 +1044,7 @@ async function verifyRequestDraft(request, span, { documentLoader, contextLoader
 				currentTime,
 				keyCache: {
 					get: () => Promise.resolve(void 0),
-					set: async (keyId$1, key$1) => await keyCache?.set(keyId$1, key$1)
+					set: async (keyId, key) => await keyCache?.set(keyId, key)
 				}
 			});
 		}
@@ -1328,9 +1206,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 				failure = invalidSignatureResult(keyId);
 				continue;
 			}
-			const body = await request.arrayBuffer();
-			const digestValid = await verifyRfc9421ContentDigest(contentDigestHeader, body);
-			if (!digestValid) {
+			if (!await verifyRfc9421ContentDigest(contentDigestHeader, await request.arrayBuffer())) {
 				logger.debug("Failed to verify; Content-Digest verification failed.", { contentDigest: contentDigestHeader });
 				failure = invalidSignatureResult(keyId);
 				continue;
@@ -1388,8 +1264,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 		const signatureBaseBytes = new TextEncoder().encode(signatureBase);
 		span?.setAttribute("http_signatures.signature", encodeHex(sigBytes));
 		try {
-			const verified = await crypto.subtle.verify(algorithm, key.publicKey, sigBytes.slice(), signatureBaseBytes);
-			if (verified) return {
+			if (await crypto.subtle.verify(algorithm, key.publicKey, sigBytes.slice(), signatureBaseBytes)) return {
 				verified: true,
 				key,
 				signatureLabel: sigName
@@ -1403,7 +1278,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 					currentTime,
 					keyCache: {
 						get: () => Promise.resolve(void 0),
-						set: async (keyId$1, key$1) => await keyCache?.set(keyId$1, key$1)
+						set: async (keyId, key) => await keyCache?.set(keyId, key)
 					},
 					spec: "rfc9421"
 				});
@@ -1481,8 +1356,7 @@ async function doubleKnockInternal(request, identity, options, redirected = 0, v
 	});
 	if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
 		if (redirected >= maximumRedirection) throw new FetchError(request.url, `Too many redirections (${redirected + 1})`);
-		const location = response.headers.get("Location");
-		const redirectRequest = createRedirectRequest(request, location, body);
+		const redirectRequest = createRedirectRequest(request, response.headers.get("Location"), body);
 		if (visited.has(redirectRequest.url)) throw new FetchError(request.url, `Redirect loop detected: ${redirectRequest.url}`);
 		return doubleKnockInternal(redirectRequest, identity, {
 			...options,
@@ -1530,13 +1404,10 @@ async function doubleKnockInternal(request, identity, options, redirected = 0, v
 					redirect: "manual",
 					signal
 				});
-				if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
-					const location = response.headers.get("Location");
-					return doubleKnock(createRedirectRequest(request, location, body), identity, {
-						...options,
-						body
-					});
-				}
+				if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) return doubleKnock(createRedirectRequest(request, response.headers.get("Location"), body), identity, {
+					...options,
+					body
+				});
 			}
 			if (fulfilled && response.status < 300) {
 				await specDeterminer?.rememberSpec(origin, "rfc9421");
@@ -1563,8 +1434,7 @@ async function doubleKnockInternal(request, identity, options, redirected = 0, v
 		});
 		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
 			if (redirected >= maximumRedirection) throw new FetchError(request.url, `Too many redirections (${redirected + 1})`);
-			const location = response.headers.get("Location");
-			const redirectRequest = createRedirectRequest(request, location, body);
+			const redirectRequest = createRedirectRequest(request, response.headers.get("Location"), body);
 			if (visited.has(redirectRequest.url)) throw new FetchError(request.url, `Redirect loop detected: ${redirectRequest.url}`);
 			return doubleKnockInternal(redirectRequest, identity, {
 				...options,
@@ -1601,6 +1471,5 @@ function timingSafeEqual(a, b) {
 	result |= lenA ^ lenB;
 	return result === 0;
 }
-
 //#endregion
-export { deno_default, doubleKnock, exportJwk, fetchKey, fetchKeyDetailed, formatAcceptSignature, fulfillAcceptSignature, generateCryptoKeyPair, importJwk, parseAcceptSignature, parseRfc9421SignatureInput, signRequest, validateAcceptSignature, validateCryptoKey, verifyRequest, verifyRequestDetailed };
+export { version as _, verifyRequestDetailed as a, fetchKeyDetailed as c, validateCryptoKey as d, formatAcceptSignature as f, name as g, validateAcceptSignature as h, verifyRequest as i, generateCryptoKeyPair as l, parseAcceptSignature as m, parseRfc9421SignatureInput as n, exportJwk as o, fulfillAcceptSignature as p, signRequest as r, fetchKey as s, doubleKnock as t, importJwk as u };