@fedify/fedify 2.2.0-dev.924 → 2.2.0-dev.938

package/dist/{proof-DDZ2W7TX.mjs → proof-B9ynOKyy.mjs}

@@ -1,9 +1,10 @@
 import { Temporal } from "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as version, t as name } from "./deno-BukNyK1t.mjs";
-import { n as fetchKey, o as validateCryptoKey } from "./key-DAfSmMg7.mjs";
-import { t as normalizePublicAudience } from "./public-audience-eovWqzOF.mjs";
+import { n as version, t as name } from "./deno-sVjM503s.mjs";
+import { n as fetchKey, o as validateCryptoKey } from "./key-Ch1SiRyF.mjs";
+import { n as preloadedOnlyDocumentLoader } from "./public-audience-DYFHzm_c.mjs";
+import { r as normalizeOutgoingActivityJsonLd } from "./outgoing-jsonld-CNmZLixq.mjs";
 import { Activity, DataIntegrityProof, Multikey, getTypeId } from "@fedify/vocab";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { getLogger } from "@logtape/logtape";
@@ -62,7 +63,7 @@ async function createProof(object, privateKey, keyId, { contextLoader, context,
 		contextLoader,
 		context
 	});
-	compactMsg = await normalizePublicAudience(compactMsg, contextLoader);
+	compactMsg = await normalizeOutgoingActivityJsonLd(compactMsg, contextLoader);
 	const msgCanon = serialize(compactMsg);
 	const encoder = new TextEncoder();
 	const msgBytes = encoder.encode(msgCanon);
@@ -173,9 +174,6 @@ async function verifyProofInternal(jsonLd, proof, options) {
 	const msg = { ...jsonLd };
 	if ("proof" in msg) delete msg.proof;
 	if ("https://w3id.org/security#proof" in msg) delete msg["https://w3id.org/security#proof"];
-	const candidates = [msg];
-	const normalized = await normalizePublicAudience(msg, options.contextLoader);
-	if (normalized !== msg) candidates.push(normalized);
 	let fetchedKey;
 	try {
 		fetchedKey = await publicKeyPromise;
@@ -217,12 +215,16 @@ async function verifyProofInternal(jsonLd, proof, options) {
 	}
 	const digest = new Uint8Array(proofDigest.byteLength + 32);
 	digest.set(new Uint8Array(proofDigest), 0);
-	for (const candidate of candidates) {
+	const proofValue = proof.proofValue;
+	const verifyCandidate = async (candidate) => {
 		const msgBytes = encoder.encode(serialize(candidate));
 		const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
 		digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
-		if (await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) return publicKey;
-	}
+		return await crypto.subtle.verify("Ed25519", publicKey.publicKey, proofValue.slice(), digest);
+	};
+	if (await verifyCandidate(msg)) return publicKey;
+	const normalized = await normalizeOutgoingActivityJsonLd(msg, preloadedOnlyDocumentLoader);
+	if (normalized !== msg && await verifyCandidate(normalized)) return publicKey;
 	if (fetchedKey.cached) {
 		logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
 			keyId: proof.verificationMethodId.href,

package/dist/{proof-DgRfG4AE.cjs → proof-Bku-2gS1.cjs}

@@ -1,7 +1,7 @@
 const { Temporal } = require("@js-temporal/polyfill");
 const { URLPattern } = require("urlpattern-polyfill");
 const require_chunk = require("./chunk-DDcVe30Y.cjs");
-const require_http = require("./http-1uLerNXX.cjs");
+const require_http = require("./http-De4te5mA.cjs");
 let _logtape_logtape = require("@logtape/logtape");
 let _fedify_vocab = require("@fedify/vocab");
 let _opentelemetry_api = require("@opentelemetry/api");
@@ -13,7 +13,7 @@ _fedify_vocab_runtime_jsonld = require_chunk.__toESM(_fedify_vocab_runtime_jsonl
 let json_canon = require("json-canon");
 json_canon = require_chunk.__toESM(json_canon);
 //#region src/sig/ld.ts
-const logger$2 = (0, _logtape_logtape.getLogger)([
+const logger$3 = (0, _logtape_logtape.getLogger)([
 	"fedify",
 	"sig",
 	"ld"
@@ -161,7 +161,7 @@ async function verifySignature(jsonLd, options = {}) {
 	try {
 		signature = (0, byte_encodings_base64.decodeBase64)(sig.signatureValue);
 	} catch (error) {
-		logger$2.debug("Failed to verify; invalid base64 signatureValue: {signatureValue}", {
+		logger$3.debug("Failed to verify; invalid base64 signatureValue: {signatureValue}", {
 			...sig,
 			error
 		});
@@ -180,7 +180,7 @@ async function verifySignature(jsonLd, options = {}) {
 	try {
 		sigOptsHash = await hashJsonLd(sigOpts, options.contextLoader);
 	} catch (error) {
-		logger$2.warn("Failed to verify; failed to hash the signature options: {signatureOptions}\n{error}", {
+		logger$3.warn("Failed to verify; failed to hash the signature options: {signatureOptions}\n{error}", {
 			signatureOptions: sigOpts,
 			error
 		});
@@ -192,7 +192,7 @@ async function verifySignature(jsonLd, options = {}) {
 	try {
 		docHash = await hashJsonLd(document, options.contextLoader);
 	} catch (error) {
-		logger$2.warn("Failed to verify; failed to hash the document: {document}\n{error}", {
+		logger$3.warn("Failed to verify; failed to hash the document: {document}\n{error}", {
 			document,
 			error
 		});
@@ -203,7 +203,7 @@ async function verifySignature(jsonLd, options = {}) {
 	const messageBytes = encoder.encode(message);
 	if (await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature.slice(), messageBytes)) return key;
 	if (cached) {
-		logger$2.debug("Failed to verify with the cached key {keyId}; signature {signatureValue} is invalid.  Retrying with the freshly fetched key...", {
+		logger$3.debug("Failed to verify with the cached key {keyId}; signature {signatureValue} is invalid.  Retrying with the freshly fetched key...", {
 			keyId: sig.creator,
 			...sig
 		});
@@ -217,7 +217,7 @@ async function verifySignature(jsonLd, options = {}) {
 		if (key == null) return null;
 		return await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature.slice(), messageBytes) ? key : null;
 	}
-	logger$2.debug("Failed to verify with the fetched key {keyId}; signature {signatureValue} is invalid.  Check if the key is correct or if the signed message is correct.  The message to sign is:\n{message}", {
+	logger$3.debug("Failed to verify with the fetched key {keyId}; signature {signatureValue} is invalid.  Check if the key is correct or if the signed message is correct.  The message to sign is:\n{message}", {
 		keyId: sig.creator,
 		...sig,
 		message
@@ -249,12 +249,12 @@ async function verifyJsonLd(jsonLd, options = {}) {
 			const key = await verifySignature(jsonLd, options);
 			if (key == null) return false;
 			if (key.ownerId == null) {
-				logger$2.debug("Key {keyId} has no owner.", { keyId: key.id?.href });
+				logger$3.debug("Key {keyId} has no owner.", { keyId: key.id?.href });
 				return false;
 			}
 			attributions.delete(key.ownerId.href);
 			if (attributions.size > 0) {
-				logger$2.debug("Some attributions are not authenticated by the Linked Data Signatures: {attributions}.", { attributions: [...attributions] });
+				logger$3.debug("Some attributions are not authenticated by the Linked Data Signatures: {attributions}.", { attributions: [...attributions] });
 				return false;
 			}
 			return true;
@@ -389,8 +389,27 @@ async function getKeyOwner(keyId, options) {
 	return null;
 }
 //#endregion
+//#region src/compat/preloaded-context-loader.ts
+/**
+* A restricted JSON-LD document loader that resolves only contexts bundled
+* with Fedify.
+*
+* This is intentionally narrower than `getDocumentLoader()`: normalization
+* helpers are also reached from verification paths that operate on inbound,
+* attacker-controlled JSON-LD, so the default fallback must never fetch
+* attacker-supplied context URLs.
+*/
+const preloadedOnlyDocumentLoader = (url) => {
+	if (Object.hasOwn(_fedify_vocab_runtime.preloadedContexts, url)) return Promise.resolve({
+		contextUrl: null,
+		documentUrl: url,
+		document: _fedify_vocab_runtime.preloadedContexts[url]
+	});
+	return Promise.reject(/* @__PURE__ */ new Error("Refusing to fetch a non-preloaded JSON-LD context: " + url));
+};
+//#endregion
 //#region src/compat/public-audience.ts
-const logger$1 = (0, _logtape_logtape.getLogger)([
+const logger$2 = (0, _logtape_logtape.getLogger)([
 	"fedify",
 	"compat",
 	"public-audience"
@@ -402,20 +421,12 @@ const PUBLIC_ADDRESSING_FIELDS = new Set([
 	"bcc",
 	"audience"
 ]);
-const preloadedOnlyDocumentLoader = (url) => {
-	if (Object.hasOwn(_fedify_vocab_runtime.preloadedContexts, url)) return Promise.resolve({
-		contextUrl: null,
-		documentUrl: url,
-		document: _fedify_vocab_runtime.preloadedContexts[url]
-	});
-	return Promise.reject(/* @__PURE__ */ new Error("Refusing to fetch a non-preloaded JSON-LD context: " + url));
-};
-const AS_CONTEXT_URL = "https://www.w3.org/ns/activitystreams";
-const MAX_TRAVERSAL_DEPTH = 64;
-const KNOWN_SAFE_CONTEXT_URLS = new Set(Object.keys(_fedify_vocab_runtime.preloadedContexts));
+const AS_CONTEXT_URL$1 = "https://www.w3.org/ns/activitystreams";
+const MAX_TRAVERSAL_DEPTH$1 = 64;
+const KNOWN_SAFE_CONTEXT_URLS$1 = new Set(Object.keys(_fedify_vocab_runtime.preloadedContexts));
 function hasPublicCurieInAddressing(value, parentKey, depth = 0) {
 	if (typeof value === "string") return parentKey != null && PUBLIC_ADDRESSING_FIELDS.has(parentKey) && (value === "as:Public" || value === "Public");
-	if (depth >= MAX_TRAVERSAL_DEPTH) return false;
+	if (depth >= MAX_TRAVERSAL_DEPTH$1) return false;
 	if (Array.isArray(value)) return value.some((item) => hasPublicCurieInAddressing(item, parentKey, depth + 1));
 	if (typeof value !== "object" || value == null) return false;
 	const record = value;
@@ -427,7 +438,7 @@ function hasPublicCurieInAddressing(value, parentKey, depth = 0) {
 }
 function rewritePublicAudience(value, parentKey, depth = 0) {
 	if (typeof value === "string" && parentKey != null && PUBLIC_ADDRESSING_FIELDS.has(parentKey) && (value === "as:Public" || value === "Public")) return _fedify_vocab.PUBLIC_COLLECTION.href;
-	if (depth >= MAX_TRAVERSAL_DEPTH) return value;
+	if (depth >= MAX_TRAVERSAL_DEPTH$1) return value;
 	if (Array.isArray(value)) {
 		let changed = false;
 		const mapped = value.map((item) => {
@@ -455,14 +466,14 @@ function rewritePublicAudience(value, parentKey, depth = 0) {
 * even when the top-level `@context` is safe, so the fast path must defer
 * to the URDNA2015 equivalence check whenever one is present.
 */
-function hasNestedContext(value, depth = 0) {
-	if (depth >= MAX_TRAVERSAL_DEPTH) return true;
-	if (Array.isArray(value)) return value.some((item) => hasNestedContext(item, depth + 1));
+function hasNestedContext$1(value, depth = 0) {
+	if (depth >= MAX_TRAVERSAL_DEPTH$1) return true;
+	if (Array.isArray(value)) return value.some((item) => hasNestedContext$1(item, depth + 1));
 	if (typeof value !== "object" || value == null) return false;
 	const record = value;
 	for (const key of Object.keys(record)) {
 		if (key === "@context") return true;
-		if (hasNestedContext(record[key], depth + 1)) return true;
+		if (hasNestedContext$1(record[key], depth + 1)) return true;
 	}
 	return false;
 }
@@ -478,7 +489,7 @@ function hasNestedContext(value, depth = 0) {
 * objects at the top level, nested `@context` blocks) is treated as
 * potentially unsafe.
 */
-function hasKnownSafeContext(jsonLd) {
+function hasKnownSafeContext$1(jsonLd) {
 	if (typeof jsonLd !== "object" || jsonLd == null) return false;
 	const record = jsonLd;
 	if (!Object.hasOwn(record, "@context")) return false;
@@ -488,13 +499,13 @@ function hasKnownSafeContext(jsonLd) {
 	let hasAs = false;
 	for (const entry of entries) {
 		if (typeof entry !== "string") return false;
-		if (!KNOWN_SAFE_CONTEXT_URLS.has(entry)) return false;
-		if (entry === AS_CONTEXT_URL) hasAs = true;
+		if (!KNOWN_SAFE_CONTEXT_URLS$1.has(entry)) return false;
+		if (entry === AS_CONTEXT_URL$1) hasAs = true;
 	}
 	if (!hasAs) return false;
 	for (const key of Object.keys(record)) {
 		if (key === "@context") continue;
-		if (hasNestedContext(record[key])) return false;
+		if (hasNestedContext$1(record[key])) return false;
 	}
 	return true;
 }
@@ -544,6 +555,192 @@ function hasKnownSafeContext(jsonLd) {
 async function normalizePublicAudience(jsonLd, contextLoader) {
 	if (!hasPublicCurieInAddressing(jsonLd)) return jsonLd;
 	const normalized = rewritePublicAudience(jsonLd);
+	if (hasKnownSafeContext$1(jsonLd)) return normalized;
+	const loader = contextLoader ?? preloadedOnlyDocumentLoader;
+	try {
+		const [before, after] = await Promise.all([_fedify_vocab_runtime_jsonld.default.canonize(jsonLd, {
+			format: "application/n-quads",
+			documentLoader: loader
+		}), _fedify_vocab_runtime_jsonld.default.canonize(normalized, {
+			format: "application/n-quads",
+			documentLoader: loader
+		})]);
+		if (before === after) return normalized;
+		logger$2.warn("Expanding the public audience CURIE to its full URI would change the canonical form of the activity; sending the activity as is.  This usually means the active JSON-LD context redefines the `as:` prefix or the bare `Public` term.");
+	} catch (error) {
+		logger$2.debug("Failed to verify public audience normalization equivalence via JSON-LD canonicalization; sending the activity as is.\n{error}", { error });
+	}
+	return jsonLd;
+}
+//#endregion
+//#region src/compat/outgoing-jsonld.ts
+const logger$1 = (0, _logtape_logtape.getLogger)([
+	"fedify",
+	"compat",
+	"outgoing-jsonld"
+]);
+const ATTACHMENT_FIELDS = new Set(["attachment", "https://www.w3.org/ns/activitystreams#attachment"]);
+const AS_CONTEXT_URL = "https://www.w3.org/ns/activitystreams";
+const KNOWN_SAFE_CONTEXT_URLS = getKnownSafeContextUrls();
+const MAX_TRAVERSAL_DEPTH = 64;
+function isJsonLdListObject(value) {
+	return typeof value === "object" && value != null && Object.hasOwn(value, "@list");
+}
+function isJsonLdValueObject(value) {
+	return typeof value === "object" && value != null && Object.hasOwn(value, "@value");
+}
+function* getContextObjects(value, seen = /* @__PURE__ */ new WeakSet()) {
+	if (Array.isArray(value)) {
+		if (seen.has(value)) return;
+		seen.add(value);
+		for (const item of value) yield* getContextObjects(item, seen);
+		return;
+	}
+	if (typeof value === "object" && value != null) {
+		if (seen.has(value)) return;
+		seen.add(value);
+		const record = value;
+		yield record;
+		for (const definition of Object.values(record)) {
+			if (typeof definition !== "object" || definition == null) continue;
+			const nestedContext = definition["@context"];
+			if (nestedContext == null) continue;
+			yield* getContextObjects(nestedContext, seen);
+		}
+	}
+}
+function isActivityStreamsAttachmentTerm(value) {
+	return typeof value === "object" && value != null && value["@id"] === "as:attachment" && value["@type"] === "@id";
+}
+/** @internal */
+function isPreloadedContextAttachmentSafe(document) {
+	if (typeof document !== "object" || document == null) return true;
+	const context = document["@context"];
+	for (const contextObject of getContextObjects(context)) {
+		if (!Object.hasOwn(contextObject, "attachment")) continue;
+		if (isActivityStreamsAttachmentTerm(contextObject.attachment)) continue;
+		return false;
+	}
+	return true;
+}
+function getKnownSafeContextUrls() {
+	const urls = /* @__PURE__ */ new Set();
+	for (const [url, document] of Object.entries(_fedify_vocab_runtime.preloadedContexts)) if (isPreloadedContextAttachmentSafe(document)) urls.add(url);
+	else logger$1.warn("Preloaded JSON-LD context {contextUrl} redefines the `attachment` term incompatibly; attachment array normalization will require canonicalization for documents using it.", { contextUrl: url });
+	return urls;
+}
+/**
+* Wraps scalar ActivityStreams attachment properties in arrays.
+*/
+function wrapScalarAttachments(jsonLd, depth = 0) {
+	if (depth >= MAX_TRAVERSAL_DEPTH) return jsonLd;
+	if (Array.isArray(jsonLd)) {
+		let normalized = null;
+		for (let i = 0; i < jsonLd.length; i++) {
+			const item = jsonLd[i];
+			const next = wrapScalarAttachments(item, depth + 1);
+			if (normalized == null && next !== item) normalized = jsonLd.slice(0, i);
+			if (normalized != null) normalized[i] = next;
+		}
+		return normalized ?? jsonLd;
+	}
+	if (typeof jsonLd !== "object" || jsonLd == null) return jsonLd;
+	const record = jsonLd;
+	const keys = Object.keys(record);
+	let normalized = null;
+	for (let i = 0; i < keys.length; i++) {
+		const key = keys[i];
+		const value = record[key];
+		const next = key === "@context" || key === "@value" && isJsonLdValueObject(jsonLd) ? value : wrapScalarAttachments(value, depth + 1);
+		const output = ATTACHMENT_FIELDS.has(key) && next != null && !Array.isArray(next) && !isJsonLdListObject(next) ? [next] : next;
+		if (normalized == null && output !== value) {
+			const cloned = Object.create(null);
+			for (let j = 0; j < i; j++) {
+				const previousKey = keys[j];
+				cloned[previousKey] = record[previousKey];
+			}
+			normalized = cloned;
+		}
+		if (normalized != null) normalized[key] = output;
+	}
+	return normalized ?? jsonLd;
+}
+function hasNestedContext(value, depth = 0) {
+	if (depth >= MAX_TRAVERSAL_DEPTH) return true;
+	if (Array.isArray(value)) return value.some((item) => hasNestedContext(item, depth + 1));
+	if (typeof value !== "object" || value == null) return false;
+	const record = value;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") return true;
+		if (key === "@value" && isJsonLdValueObject(value)) continue;
+		if (hasNestedContext(record[key], depth + 1)) return true;
+	}
+	return false;
+}
+function exceedsTraversalDepth(value, depth = 0) {
+	if (depth >= MAX_TRAVERSAL_DEPTH) return true;
+	if (Array.isArray(value)) return value.some((item) => exceedsTraversalDepth(item, depth + 1));
+	if (typeof value !== "object" || value == null) return false;
+	const record = value;
+	for (const key of Object.keys(record)) {
+		if (key === "@context" || key === "@value" && isJsonLdValueObject(value)) continue;
+		if (exceedsTraversalDepth(record[key], depth + 1)) return true;
+	}
+	return false;
+}
+function hasKnownSafeContext(jsonLd) {
+	if (typeof jsonLd !== "object" || jsonLd == null) return false;
+	const record = jsonLd;
+	if (!Object.hasOwn(record, "@context")) return false;
+	const context = record["@context"];
+	const entries = typeof context === "string" ? [context] : Array.isArray(context) ? context : null;
+	if (entries == null || entries.length < 1) return false;
+	let hasActivityStreamsContext = false;
+	for (const entry of entries) {
+		if (typeof entry !== "string") return false;
+		if (!KNOWN_SAFE_CONTEXT_URLS.has(entry)) return false;
+		if (entry === AS_CONTEXT_URL) hasActivityStreamsContext = true;
+	}
+	if (!hasActivityStreamsContext) return false;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") continue;
+		if (hasNestedContext(record[key])) return false;
+	}
+	return true;
+}
+function getLogSafeJsonLdMetadata(jsonLd) {
+	if (typeof jsonLd !== "object" || jsonLd == null) return {};
+	const record = jsonLd;
+	const context = record["@context"];
+	return {
+		id: typeof record.id === "string" ? record.id : typeof record["@id"] === "string" ? record["@id"] : void 0,
+		type: typeof record.type === "string" ? record.type : typeof record["@type"] === "string" ? record["@type"] : void 0,
+		context: typeof context === "string" ? context : Array.isArray(context) ? context.filter((entry) => typeof entry === "string").slice(0, 4) : context == null ? void 0 : "[inline context]"
+	};
+}
+/**
+* Ensures ActivityStreams attachment properties are represented as arrays
+* when doing so preserves the JSON-LD semantics.
+*
+* JSON-LD compaction collapses single-item arrays into scalar values by
+* default.  Some ActivityPub implementations, Pixelfed among them, parse
+* `attachment` as a plain JSON array rather than a JSON-LD property and reject
+* otherwise valid objects whose single attachment is emitted as a scalar.
+*
+* When no `contextLoader` is supplied, the helper falls back to a restricted
+* loader that resolves only Fedify's preloaded JSON-LD contexts and rejects
+* every other URL without network access.  Documents with custom, inline, or
+* otherwise uncached contexts should pass a real `contextLoader` if they need
+* the semantic-preservation check to succeed; otherwise canonicalization
+* failures leave the original document unchanged.
+*/
+async function normalizeAttachmentArrays(jsonLd, contextLoader) {
+	const normalized = wrapScalarAttachments(jsonLd);
+	if (normalized === jsonLd) return jsonLd;
+	if (exceedsTraversalDepth(jsonLd)) {
+		logger$1.debug("Skipping attachment array normalization because the JSON-LD document exceeds the safe traversal depth; leaving it unchanged.");
+		return jsonLd;
+	}
 	if (hasKnownSafeContext(jsonLd)) return normalized;
 	const loader = contextLoader ?? preloadedOnlyDocumentLoader;
 	try {
@@ -555,12 +752,21 @@ async function normalizePublicAudience(jsonLd, contextLoader) {
 			documentLoader: loader
 		})]);
 		if (before === after) return normalized;
-		logger$1.warn("Expanding the public audience CURIE to its full URI would change the canonical form of the activity; sending the activity as is.  This usually means the active JSON-LD context redefines the `as:` prefix or the bare `Public` term.");
+		logger$1.warn("Wrapping scalar attachment values in arrays would change the canonical form of the JSON-LD document; leaving it unchanged.  This usually means the active JSON-LD context redefines the `attachment` term.  Document: {id}; type: {type}; context: {context}.", getLogSafeJsonLdMetadata(jsonLd));
 	} catch (error) {
-		logger$1.debug("Failed to verify public audience normalization equivalence via JSON-LD canonicalization; sending the activity as is.\n{error}", { error });
+		logger$1.debug("Failed to verify attachment array normalization equivalence via JSON-LD canonicalization; leaving the JSON-LD document unchanged.\n{error}", { error });
 	}
 	return jsonLd;
 }
+/**
+* Applies Fedify's internal JSON-LD wire-format interoperability workarounds
+* to locally generated outgoing activities before they are signed, enqueued,
+* or sent.
+*/
+async function normalizeOutgoingActivityJsonLd(jsonLd, contextLoader) {
+	jsonLd = await normalizePublicAudience(jsonLd, contextLoader);
+	return await normalizeAttachmentArrays(jsonLd, contextLoader);
+}
 //#endregion
 //#region src/sig/proof.ts
 const logger = (0, _logtape_logtape.getLogger)([
@@ -615,7 +821,7 @@ async function createProof(object, privateKey, keyId, { contextLoader, context,
 		contextLoader,
 		context
 	});
-	compactMsg = await normalizePublicAudience(compactMsg, contextLoader);
+	compactMsg = await normalizeOutgoingActivityJsonLd(compactMsg, contextLoader);
 	const msgCanon = (0, json_canon.default)(compactMsg);
 	const encoder = new TextEncoder();
 	const msgBytes = encoder.encode(msgCanon);
@@ -726,9 +932,6 @@ async function verifyProofInternal(jsonLd, proof, options) {
 	const msg = { ...jsonLd };
 	if ("proof" in msg) delete msg.proof;
 	if ("https://w3id.org/security#proof" in msg) delete msg["https://w3id.org/security#proof"];
-	const candidates = [msg];
-	const normalized = await normalizePublicAudience(msg, options.contextLoader);
-	if (normalized !== msg) candidates.push(normalized);
 	let fetchedKey;
 	try {
 		fetchedKey = await publicKeyPromise;
@@ -770,12 +973,16 @@ async function verifyProofInternal(jsonLd, proof, options) {
 	}
 	const digest = new Uint8Array(proofDigest.byteLength + 32);
 	digest.set(new Uint8Array(proofDigest), 0);
-	for (const candidate of candidates) {
+	const proofValue = proof.proofValue;
+	const verifyCandidate = async (candidate) => {
 		const msgBytes = encoder.encode((0, json_canon.default)(candidate));
 		const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
 		digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
-		if (await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) return publicKey;
-	}
+		return await crypto.subtle.verify("Ed25519", publicKey.publicKey, proofValue.slice(), digest);
+	};
+	if (await verifyCandidate(msg)) return publicKey;
+	const normalized = await normalizeOutgoingActivityJsonLd(msg, preloadedOnlyDocumentLoader);
+	if (normalized !== msg && await verifyCandidate(normalized)) return publicKey;
 	if (fetchedKey.cached) {
 		logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
 			keyId: proof.verificationMethodId.href,
@@ -882,10 +1089,10 @@ Object.defineProperty(exports, "hasSignatureLike", {
 		return hasSignatureLike;
 	}
 });
-Object.defineProperty(exports, "normalizePublicAudience", {
+Object.defineProperty(exports, "normalizeOutgoingActivityJsonLd", {
 	enumerable: true,
 	get: function() {
-		return normalizePublicAudience;
+		return normalizeOutgoingActivityJsonLd;
 	}
 });
 Object.defineProperty(exports, "signJsonLd", {