@peac/http-signatures 0.10.13 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.cjs.map +1 -1
  2. package/dist/index.js.map +1 -1
  3. package/dist/parser.d.ts +1 -1
  4. package/package.json +1 -1
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/errors.ts","../src/parser.ts","../src/base.ts","../src/verify.ts"],"names":[],"mappings":";;;AAIO,IAAM,UAAA,GAAa;AAAA;AAAA,EAExB,yBAAA,EAA2B,6BAAA;AAAA;AAAA,EAE3B,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,uBAAA,EAAyB,2BAAA;AAAA;AAAA,EAEzB,+BAAA,EAAiC,mCAAA;AAAA;AAAA,EAEjC,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,gBAAA,EAAkB,oBAAA;AAAA;AAAA,EAElB,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,qBAAA,EAAuB,yBAAA;AAAA;AAAA,EAEvB,aAAA,EAAe;AACjB;AAOO,IAAM,eAAA,GAA6C;AAAA,EACxD,CAAC,UAAA,CAAW,yBAAyB,GAAG,GAAA;AAAA,EACxC,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,uBAAuB,GAAG,GAAA;AAAA,EACtC,CAAC,UAAA,CAAW,+BAA+B,GAAG,GAAA;AAAA,EAC9C,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,gBAAgB,GAAG,GAAA;AAAA,EAC/B,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,qBAAqB,GAAG,GAAA;AAAA,EACpC,CAAC,UAAA,CAAW,aAAa,GAAG;AAC9B;AAKO,IAAM,kBAAA,GAAN,cAAiC,KAAA,CAAM;AAAA,EACnC,IAAA;AAAA,EACA,UAAA;AAAA,EAET,WAAA,CAAY,MAAiB,OAAA,EAAiB;AAC5C,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,gBAAgB,IAAI,CAAA;AAAA,EACxC;AACF;;;ACrCO,SAAS,oBAAoB,WAAA,EAAyD;AAC3F,EAAA,MAAM,OAAA,uBAAc,GAAA,EAAmC;AAGvD,EAAA,MAAM,OAAA,GAAU,uBAAuB,WAAW,CAAA;AAElD,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,MAAA,GAAS,qBAAA,CAAsB,MAAA,CAAO,IAAA,EAAM,CAAA;AAClD,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,KAAA,EAAO,MAAA,CAAO,MAAM,CAAA;AAAA,IACzC;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAUO,SAAS,qBACd,WAAA,EACoD;AACpD,EAAA,MAAM,OAAA,uBAAc,GAAA,EAAmD;AAEvE,EAAA,MAAM,OAAA,GAAU,uBAAuB,WAAW,CAAA;AAElD,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,CAAC,KAAA,EAAO,KAAK,IAAI,aAAA,CAAc,MAAA,CAAO,MAAM,CAAA;AAClD,IAAA,IAAI,CAAC,KAAA,IAAS,CAAC,KAAA,EAAO;AAGtB,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,yBAAyB,CAAA;AACnD,IAAA,IAAI,CAAC,KAAA,EAAO;AAEZ,IAAA,MAAM,MAAA,GAAS,MAAM,CAAC,CAAA;AACtB,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,cAAc,MAAM,CAAA;AAClC,MAAA,OAAA,CAAQ,GAAA,CAAI,KAAA,EAAO,EAAE,KAAA,EAAO,QAAQ,CAAA;AAAA,IACtC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAUO,SAAS,cAAA,CACd,cAAA,EACA,SAAA,EACA,KAAA,EACiB;AACjB,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,iBAAA,EAAmB,0BAA0B,CAAA;AAAA,EACvF;AAEA,EAAA,MAAM,QAAA,GAAW,oBAAoB,cAAc,CAAA;AACnD,EAAA,MAAM,MAAA,GAAS,qBAAqB,SAAS,CAAA;AAE7C,EAAA,IAAI,QAAA,CAAS,SAAS,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAGA,EAAA,MAAM,cAAc,KAAA,IAAS,QAAA,CAAS,IAAA,EAAK,CAAE,MAAK,CAAE,KAAA;AACpD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,yBAAA,EAA2B,0BAA0B,CAAA;AAAA,EAC/F;AAEA,EAAA,MAAM,MAAA,GAAS,QAAA,CAAS,GAAA,CAAI,WAAW,CAAA;AACvC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX,oBAAoB,WAAW,CAAA,8BAAA;AAAA,KACjC;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,GAAA,CAAI,WAAW,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,iBAAA;AAAA,MACX,oBAAoB,WAAW,CAAA,+BAAA;AAAA,KACjC;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,OAAO,GAAA,EAAK;AACf,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,CAAO,OAAA,KAAY,MAAA,IAAa,MAAA,CAAO,YAAY,IAAA,EAAM;AAC3D,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,WAAA;AAAA,IACP,MAAA;AAAA,IACA,gBAAgB,OAAA,CAAQ,KAAA;AAAA,IACxB,iBAAiB,OAAA,CAAQ;AAAA,GAC3B;AACF;AAOA,SAAS,uBAAuB,KAAA,EAAyB;AACvD,EAAA,MAAM,UAAoB,EAAC;AAC3B,EAAA,IAAI,OAAA,GAAU,EAAA;AACd,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,IAAI,QAAA,GAAW,KAAA;AACf,EAAA,IAAI,SAAA,GAAY,KAAA;AAEhB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AAEpB,IAAA,IAAI,IAAA,KAAS,GAAA,IAAO,CAAC,SAAA,EAAW;AAC9B,MAAA,QAAA,GAAW,CAAC,QAAA;AACZ,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,CAAA,MAAA,IAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,EAAU;AACpC,MAAA,SAAA,GAAY,CAAC,SAAA;AACb,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,WAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AAClD,MAAA,KAAA,EAAA;AACA,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,WAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AAClD,MAAA,KAAA,EAAA;AACA,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,CAAA,MAAA,IAAW,SAAS,GAAA,IAAO,KAAA,KAAU,KAAK,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AACjE,MAAA,IAAI,OAAA,CAAQ,MAAK,EAAG;AAClB,QAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,CAAA;AAAA,MAC7B;AACA,MAAA,OAAA,GAAU,EAAA;AAAA,IACZ,CAAA,MAAO;AACL,MAAA,OAAA,IAAW,IAAA;AAAA,IACb;AAAA,EACF;AAEA,EAAA,IAAI,OAAA,CAAQ,MAAK,EAAG;AAClB,IAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,CAAA;AAAA,EAC7B;AAEA,EAAA,OAAO,OAAA;AACT;AAKA,SAAS,cAAc,MAAA,EAAkC;AACvD,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,YAAY,EAAA,EAAI;AAClB,IAAA,OAAO,CAAC,QAAQ,EAAE,CAAA;AAAA,EACpB;AACA,EAAA,OAAO,CAAC,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,OAAO,GAAG,MAAA,CAAO,KAAA,CAAM,OAAA,GAAU,CAAC,CAAC,CAAA;AAC7D;AAKA,SAAS,sBACP,MAAA,EACyD;AACzD,EAAA,MAAM,CAAC,KAAA,EAAO,IAAI,CAAA,GAAI,cAAc,MAAM,CAAA;AAC1C,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,IAAA,EAAM,OAAO,IAAA;AAI5B,EAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,KAAA,CAAM,mBAAmB,CAAA;AACrD,EAAA,IAAI,CAAC,gBAAgB,OAAO,IAAA;AAE5B,EAAA,MAAM,gBAAA,GAAmB,eAAe,CAAC,CAAA;AACzC,EAAA,MAAM,YAAA,GAAe,eAAe,CAAC,CAAA;AAGrC,EAAA,MAAM,iBAAA,GAAoB,eAAe,gBAAgB,CAAA;AAGzD,EAAA,MAAM,SAAA,GAAY,gBAAgB,YAAY,CAAA;AAE9C,EAAA,MAAM,MAAA,GAAgC;AAAA,IACpC,KAAA,EAAO,MAAA,CAAO,SAAA,CAAU,KAAA,IAAS,EAAE,CAAA;AAAA,IACnC,GAAA,EAAK,MAAA,CAAO,SAAA,CAAU,GAAA,IAAO,EAAE,CAAA;AAAA,IAC/B,SAAS,SAAA,CAAU,OAAA,KAAY,SAAY,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA,GAAI,CAAA;AAAA,IACvE;AAAA,GACF;AAEA,EAAA,IAAI,SAAA,CAAU,YAAY,MAAA,EAAW;AACnC,IAAA,MAAA,CAAO,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA;AAAA,EAC3C;AAEA,EAAA,IAAI,SAAA,CAAU,UAAU,MAAA,EAAW;AACjC,IAAA,MAAA,CAAO,KAAA,GAAQ,MAAA,CAAO,SAAA,CAAU,KAAK,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,SAAA,CAAU,QAAQ,MAAA,EAAW;AAC/B,IAAA,MAAA,CAAO,GAAA,GAAM,MAAA,CAAO,SAAA,CAAU,GAAG,CAAA;AAAA,EACnC;AAEA,EAAA,OAAO,EAAE,OAAO,MAAA,EAAO;AACzB;AAKA,SAAS,eAAe,OAAA,EAA2B;AACjD,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,MAAM,KAAA,GAAQ,YAAA;AACd,EAAA,IAAI,KAAA;AACJ,EAAA,OAAA,CAAQ,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,OAAO,OAAO,IAAA,EAAM;AAC7C,IAAA,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACrB;AACA,EAAA,OAAO,KAAA;AACT;AAKA,SAAS,gBAAgB,YAAA,EAAuD;AAC9E,EAAA,MAAM,SAA0C,EAAC;AAGjD,EAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,KAAA,CAAM,GAAG,CAAA,CAAE,OAAO,CAAC,CAAA,KAAM,CAAA,CAAE,IAAA,EAAM,CAAA;AAE5D,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,CAAC,GAAA,EAAK,KAAK,IAAI,aAAA,CAAc,IAAA,CAAK,MAAM,CAAA;AAC9C,IAAA,IAAI,CAAC,GAAA,EAAK;AAGV,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,IAAA;AAAA,IAChB,CAAA,MAAA,IAAW,MAAM,UAAA,CAAW,GAAG,KAAK,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAEvD,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA,CAAM,KAAA,CAAM,GAAG,EAAE,CAAA;AAAA,IACjC,CAAA,MAAA,IAAW,SAAA,CAAU,IAAA,CAAK,KAAK,CAAA,EAAG;AAEhC,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,QAAA,CAAS,KAAA,EAAO,EAAE,CAAA;AAAA,IAClC,CAAA,MAAO;AAEL,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA;AAAA,IAChB;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAKA,SAAS,cAAc,MAAA,EAA4B;AAEjD,EAAA,MAAM,UAAA,GAAa,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAG9D,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,MAAA,CAAO,UAAA,CAAW,MAAA,GAAA,CAAW,IAAK,UAAA,CAAW,MAAA,GAAS,CAAA,IAAM,CAAA,EAAI,GAAG,CAAA;AAE7F,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA;AACT;;;AC3SO,SAAS,kBAAA,CACd,SACA,MAAA,EACQ;AACR,EAAA,MAAM,QAAkB,EAAC;AAGzB,EAAA,KAAA,MAAW,SAAA,IAAa,OAAO,iBAAA,EAAmB;AAChD,IAAA,MAAM,KAAA,GAAQ,iBAAA,CAAkB,OAAA,EAAS,SAAS,CAAA;AAClD,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,CAAA,EAAI,SAAS,CAAA,GAAA,EAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EACvC;AAGA,EAAA,MAAM,UAAA,GAAa,yBAAyB,MAAM,CAAA;AAClD,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,qBAAA,EAAwB,UAAU,CAAA,CAAE,CAAA;AAE/C,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAKA,SAAS,iBAAA,CAAkB,SAA2B,SAAA,EAA2B;AAE/E,EAAA,IAAI,SAAA,CAAU,UAAA,CAAW,GAAG,CAAA,EAAG;AAC7B,IAAA,OAAO,wBAAA,CAAyB,SAAS,SAAS,CAAA;AAAA,EACpD;AAGA,EAAA,OAAO,cAAA,CAAe,OAAA,CAAQ,OAAA,EAAS,SAAS,CAAA;AAClD;AAKA,SAAS,wBAAA,CAAyB,SAA2B,SAAA,EAA2B;AACtF,EAAA,QAAQ,SAAA;AAAW,IACjB,KAAK,SAAA;AACH,MAAA,OAAO,OAAA,CAAQ,OAAO,WAAA,EAAY;AAAA,IAEpC,KAAK,aAAA;AACH,MAAA,OAAO,OAAA,CAAQ,GAAA;AAAA,IAEjB,KAAK,YAAA,EAAc;AACjB,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,IAAA;AAAA,MACb,CAAA,CAAA,MAAQ;AAEN,QAAA,OAAO,cAAA,CAAe,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAA;AAAA,MAC/C;AAAA,IACF;AAAA,IAEA,KAAK,SAAA,EAAW;AACd,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAAA,MACrC,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,OAAA;AAAA,MACT;AAAA,IACF;AAAA,IAEA,KAAK,iBAAA,EAAmB;AACtB,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,WAAW,GAAA,CAAI,MAAA;AAAA,MAC5B,CAAA,CAAA,MAAQ;AAEN,QAAA,OAAO,OAAA,CAAQ,GAAA;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,KAAK,OAAA,EAAS;AACZ,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,QAAA;AAAA,MACb,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,QAAQ,CAAA;AAC5C,QAAA,OAAO,SAAA,GAAY,SAAA,CAAU,CAAC,CAAA,GAAI,OAAA,CAAQ,GAAA;AAAA,MAC5C;AAAA,IACF;AAAA,IAEA,KAAK,QAAA,EAAU;AACb,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,IAAI,MAAA,IAAU,GAAA;AAAA,MACvB,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,MAAM,CAAA;AAC3C,QAAA,OAAO,UAAA,GAAa,UAAA,CAAW,CAAC,CAAA,GAAI,GAAA;AAAA,MACtC;AAAA,IACF;AAAA,IAEA;AAEE,MAAA,OAAO,EAAA;AAAA;AAEb;AAKA,SAAS,cAAA,CAAe,SAAiC,IAAA,EAAsB;AAC7E,EAAA,MAAM,SAAA,GAAY,KAAK,WAAA,EAAY;AAEnC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,SAAA,EAAW;AACnC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,EAAA;AACT;AAOA,SAAS,yBAAyB,MAAA,EAAuC;AAEvE,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,iBAAA,CAAkB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA,CAAG,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA;AACzE,EAAA,IAAI,IAAA,GAAO,IAAI,UAAU,CAAA,CAAA,CAAA;AAGzB,EAAA,IAAA,IAAQ,CAAA,SAAA,EAAY,OAAO,OAAO,CAAA,CAAA;AAElC,EAAA,IAAI,MAAA,CAAO,YAAY,MAAA,EAAW;AAChC,IAAA,IAAA,IAAQ,CAAA,SAAA,EAAY,OAAO,OAAO,CAAA,CAAA;AAAA,EACpC;AAEA,EAAA,IAAI,MAAA,CAAO,UAAU,MAAA,EAAW;AAC9B,IAAA,IAAA,IAAQ,CAAA,QAAA,EAAW,OAAO,KAAK,CAAA,CAAA,CAAA;AAAA,EACjC;AAEA,EAAA,IAAA,IAAQ,CAAA,QAAA,EAAW,OAAO,KAAK,CAAA,CAAA,CAAA;AAC/B,EAAA,IAAA,IAAQ,CAAA,MAAA,EAAS,OAAO,GAAG,CAAA,CAAA,CAAA;AAE3B,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IAAA,IAAQ,CAAA,MAAA,EAAS,OAAO,GAAG,CAAA,CAAA,CAAA;AAAA,EAC7B;AAEA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,qBAAqB,aAAA,EAAmC;AACtE,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,OAAO,OAAA,CAAQ,OAAO,aAAa,CAAA;AACrC;;;AC5IA,eAAsB,eAAA,CACpB,SACA,OAAA,EAC6B;AAC7B,EAAA,MAAM,EAAE,WAAA,EAAa,GAAA,GAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAAG,gBAAA,GAAmB,EAAA,EAAG,GAAI,OAAA;AAEpF,EAAA,IAAI;AAEF,IAAA,MAAM,cAAA,GAAiB,SAAA,CAAU,OAAA,CAAQ,OAAA,EAAS,iBAAiB,CAAA;AACnE,IAAA,MAAM,SAAA,GAAY,SAAA,CAAU,OAAA,CAAQ,OAAA,EAAS,WAAW,CAAA;AAGxD,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,cAAA,EAAgB,SAAA,EAAW,QAAQ,KAAK,CAAA;AAGtE,IAAA,IAAI,MAAA,CAAO,MAAA,CAAO,GAAA,KAAQ,SAAA,EAAW;AACnC,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,UAAA,CAAW,+BAAA;AAAA,QACX,CAAA,uBAAA,EAA0B,MAAA,CAAO,MAAA,CAAO,GAAG,CAAA,4BAAA;AAAA,OAC7C;AAAA,IACF;AAGA,IAAA,uBAAA,CAAwB,MAAA,CAAO,MAAA,EAAQ,GAAA,EAAK,gBAAgB,CAAA;AAG5D,IAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,MAAA,CAAO,OAAO,KAAK,CAAA;AACtD,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,UAAA,CAAW,aAAA;AAAA,QACX,CAAA,eAAA,EAAkB,MAAA,CAAO,MAAA,CAAO,KAAK,CAAA;AAAA,OACvC;AAAA,IACF;AAGA,IAAA,MAAM,aAAA,GAAgB,kBAAA,CAAmB,OAAA,EAAS,MAAA,CAAO,MAAM,CAAA;AAC/D,IAAA,MAAM,kBAAA,GAAqB,qBAAqB,aAAa,CAAA;AAG7D,IAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,kBAAA,EAAoB,OAAO,cAAc,CAAA;AAEtE,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,iBAAA,EAAmB,+BAA+B,CAAA;AAAA,IAC5F;AAEA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,IAAA;AAAA,MACP,SAAA,EAAW;AAAA,KACb;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,IAAI,iBAAiB,kBAAA,EAAoB;AACvC,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,WAAW,KAAA,CAAM,IAAA;AAAA,QACjB,cAAc,KAAA,CAAM;AAAA,OACtB;AAAA,IACF;AACA,IAAA,MAAM,KAAA;AAAA,EACR;AACF;AAKA,SAAS,uBAAA,CACP,MAAA,EACA,GAAA,EACA,gBAAA,EACM;AAEN,EAAA,IAAI,iBAAA,CAAkB,MAAA,EAAQ,GAAA,EAAK,gBAAgB,CAAA,EAAG;AACpD,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,gBAAA;AAAA,MACX,CAAA,6BAAA,EAAgC,MAAA,CAAO,OAAO,CAAA,GAAA,EAAM,MAAM,gBAAgB,CAAA;AAAA,KAC5E;AAAA,EACF;AAGA,EAAA,IAAI,SAAA,CAAU,MAAA,EAAQ,GAAG,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,iBAAA;AAAA,MACX,CAAA,mBAAA,EAAsB,MAAA,CAAO,OAAO,CAAA,GAAA,EAAM,GAAG,CAAA;AAAA,KAC/C;AAAA,EACF;AACF;AASO,SAAS,SAAA,CACd,QACA,GAAA,GAAc,IAAA,CAAK,MAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EACjC;AACT,EAAA,IAAI,MAAA,CAAO,YAAY,MAAA,EAAW;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,MAAM,MAAA,CAAO,OAAA;AACtB;AAUO,SAAS,iBAAA,CACd,MAAA,EACA,GAAA,GAAc,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAC1C,WAAA,GAAsB,EAAA,EACb;AACT,EAAA,OAAO,MAAA,CAAO,UAAU,GAAA,GAAM,WAAA;AAChC;AAOA,eAAsB,2BAAA,GAAgD;AACpE,EAAA,IAAI;AAEF,IAAA,MAAM,UAAU,MAAM,UAAA,CAAW,OAAO,MAAA,CAAO,WAAA,CAAY,WAAW,KAAA,EAAO;AAAA,MAC3E,MAAA;AAAA,MACA;AAAA,KACD,CAAA;AACD,IAAA,OAAO,OAAA,KAAY,IAAA;AAAA,EACrB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAWO,SAAS,wBAAwB,GAAA,EAAiC;AACvE,EAAA,OAAO,OAAO,MAAkB,SAAA,KAA4C;AAE1E,IAAA,MAAM,SAAA,GAAY,IAAI,UAAA,CAAW,SAAS,CAAA,CAAE,MAAA;AAC5C,IAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,IAAI,CAAA,CAAE,MAAA;AAKxC,IAAA,OAAO,WAAW,MAAA,CAAO,MAAA,CAAO,OAAO,SAAA,EAAW,GAAA,EAAkB,WAAW,UAAU,CAAA;AAAA,EAC3F,CAAA;AACF;AAKA,SAAS,SAAA,CAAU,SAAiC,IAAA,EAAsB;AACxE,EAAA,MAAM,SAAA,GAAY,KAAK,WAAA,EAAY;AACnC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,SAAA,EAAW;AACnC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,EAAA;AACT","file":"index.cjs","sourcesContent":["/**\n * HTTP Signature error codes per execution pack specification.\n */\n\nexport const ErrorCodes = {\n /** Signature-Input header parse failed */\n SIGNATURE_INPUT_MALFORMED: 'E_SIGNATURE_INPUT_MALFORMED',\n /** No Signature header present */\n SIGNATURE_MISSING: 'E_SIGNATURE_MISSING',\n /** Required param (created/keyid/alg) missing */\n SIGNATURE_PARAM_MISSING: 'E_SIGNATURE_PARAM_MISSING',\n /** Algorithm not ed25519 */\n SIGNATURE_ALGORITHM_UNSUPPORTED: 'E_SIGNATURE_ALGORITHM_UNSUPPORTED',\n /** Signature expired (now > expires) */\n SIGNATURE_EXPIRED: 'E_SIGNATURE_EXPIRED',\n /** Signature from future (created > now + skew) */\n SIGNATURE_FUTURE: 'E_SIGNATURE_FUTURE',\n /** Cryptographic verification failed */\n SIGNATURE_INVALID: 'E_SIGNATURE_INVALID',\n /** Ed25519 WebCrypto not supported */\n WEBCRYPTO_UNAVAILABLE: 'E_WEBCRYPTO_UNAVAILABLE',\n /** Key not found by resolver */\n KEY_NOT_FOUND: 'E_KEY_NOT_FOUND',\n} as const;\n\nexport type ErrorCode = (typeof ErrorCodes)[keyof typeof ErrorCodes];\n\n/**\n * HTTP status codes for each error.\n */\nexport const ErrorHttpStatus: Record<ErrorCode, number> = {\n [ErrorCodes.SIGNATURE_INPUT_MALFORMED]: 400,\n [ErrorCodes.SIGNATURE_MISSING]: 401,\n [ErrorCodes.SIGNATURE_PARAM_MISSING]: 400,\n [ErrorCodes.SIGNATURE_ALGORITHM_UNSUPPORTED]: 400,\n [ErrorCodes.SIGNATURE_EXPIRED]: 401,\n [ErrorCodes.SIGNATURE_FUTURE]: 401,\n [ErrorCodes.SIGNATURE_INVALID]: 401,\n [ErrorCodes.WEBCRYPTO_UNAVAILABLE]: 500,\n [ErrorCodes.KEY_NOT_FOUND]: 401,\n};\n\n/**\n * HTTP Signature error with code and HTTP status.\n */\nexport class HttpSignatureError extends Error {\n readonly code: ErrorCode;\n readonly httpStatus: number;\n\n constructor(code: ErrorCode, message: string) {\n super(message);\n this.name = 'HttpSignatureError';\n this.code = code;\n this.httpStatus = ErrorHttpStatus[code];\n }\n}\n","/**\n * Parser for RFC 9421 Signature-Input and Signature headers.\n *\n * Implements minimal RFC 8941 Structured Fields parsing for\n * Dictionary and Inner List types as needed by HTTP Signatures.\n */\n\nimport { ParsedSignatureParams, ParsedSignature } from './types.js';\nimport { ErrorCodes, HttpSignatureError } from './errors.js';\n\n/**\n * Parse Signature-Input header value into structured parameters.\n *\n * Format: label=(\"component1\" \"component2\");param1=value1;param2=value2\n *\n * @param headerValue - Raw Signature-Input header value\n * @returns Map of label to parsed parameters\n */\nexport function parseSignatureInput(headerValue: string): Map<string, ParsedSignatureParams> {\n const results = new Map<string, ParsedSignatureParams>();\n\n // Split by comma for multiple signatures (outer dictionary members)\n const members = splitDictionaryMembers(headerValue);\n\n for (const member of members) {\n const parsed = parseDictionaryMember(member.trim());\n if (parsed) {\n results.set(parsed.label, parsed.params);\n }\n }\n\n return results;\n}\n\n/**\n * Parse Signature header value into raw signature bytes.\n *\n * Format: label=:base64signature:\n *\n * @param headerValue - Raw Signature header value\n * @returns Map of label to signature bytes\n */\nexport function parseSignatureHeader(\n headerValue: string\n): Map<string, { bytes: Uint8Array; base64: string }> {\n const results = new Map<string, { bytes: Uint8Array; base64: string }>();\n\n const members = splitDictionaryMembers(headerValue);\n\n for (const member of members) {\n const [label, value] = splitKeyValue(member.trim());\n if (!label || !value) continue;\n\n // Extract base64 from :...: byte sequence format\n const match = value.match(/^:([A-Za-z0-9+/=_-]+):$/);\n if (!match) continue;\n\n const base64 = match[1];\n try {\n const bytes = base64ToBytes(base64);\n results.set(label, { bytes, base64 });\n } catch {\n // Skip invalid base64\n }\n }\n\n return results;\n}\n\n/**\n * Parse complete signature from both headers.\n *\n * @param signatureInput - Signature-Input header value\n * @param signature - Signature header value\n * @param label - Optional specific label to parse (defaults to first)\n * @returns Parsed signature or throws HttpSignatureError\n */\nexport function parseSignature(\n signatureInput: string,\n signature: string,\n label?: string\n): ParsedSignature {\n if (!signatureInput) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n 'Missing Signature-Input header'\n );\n }\n\n if (!signature) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_MISSING, 'Missing Signature header');\n }\n\n const inputMap = parseSignatureInput(signatureInput);\n const sigMap = parseSignatureHeader(signature);\n\n if (inputMap.size === 0) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n 'Failed to parse Signature-Input header'\n );\n }\n\n // Use specified label or first available\n const targetLabel = label ?? inputMap.keys().next().value;\n if (!targetLabel) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_INPUT_MALFORMED, 'No signature label found');\n }\n\n const params = inputMap.get(targetLabel);\n if (!params) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n `Signature label \"${targetLabel}\" not found in Signature-Input`\n );\n }\n\n const sigData = sigMap.get(targetLabel);\n if (!sigData) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_MISSING,\n `Signature label \"${targetLabel}\" not found in Signature header`\n );\n }\n\n // Validate required parameters\n if (!params.keyid) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: keyid'\n );\n }\n\n if (!params.alg) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: alg'\n );\n }\n\n if (params.created === undefined || params.created === null) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: created'\n );\n }\n\n return {\n label: targetLabel,\n params,\n signatureBytes: sigData.bytes,\n signatureBase64: sigData.base64,\n };\n}\n\n// --- Internal parsing helpers ---\n\n/**\n * Split dictionary members by comma, respecting inner lists and strings.\n */\nfunction splitDictionaryMembers(value: string): string[] {\n const members: string[] = [];\n let current = '';\n let depth = 0;\n let inString = false;\n let inByteSeq = false;\n\n for (let i = 0; i < value.length; i++) {\n const char = value[i];\n\n if (char === '\"' && !inByteSeq) {\n inString = !inString;\n current += char;\n } else if (char === ':' && !inString) {\n inByteSeq = !inByteSeq;\n current += char;\n } else if (char === '(' && !inString && !inByteSeq) {\n depth++;\n current += char;\n } else if (char === ')' && !inString && !inByteSeq) {\n depth--;\n current += char;\n } else if (char === ',' && depth === 0 && !inString && !inByteSeq) {\n if (current.trim()) {\n members.push(current.trim());\n }\n current = '';\n } else {\n current += char;\n }\n }\n\n if (current.trim()) {\n members.push(current.trim());\n }\n\n return members;\n}\n\n/**\n * Split a dictionary member into key=value pair.\n */\nfunction splitKeyValue(member: string): [string, string] {\n const eqIndex = member.indexOf('=');\n if (eqIndex === -1) {\n return [member, ''];\n }\n return [member.slice(0, eqIndex), member.slice(eqIndex + 1)];\n}\n\n/**\n * Parse a single dictionary member (label=inner-list;params).\n */\nfunction parseDictionaryMember(\n member: string\n): { label: string; params: ParsedSignatureParams } | null {\n const [label, rest] = splitKeyValue(member);\n if (!label || !rest) return null;\n\n // Parse inner list and parameters\n // Format: (\"component1\" \"component2\");param1=value1;param2=value2\n const innerListMatch = rest.match(/^\\(([^)]*)\\)(.*)$/);\n if (!innerListMatch) return null;\n\n const innerListContent = innerListMatch[1];\n const paramsString = innerListMatch[2];\n\n // Parse covered components from inner list\n const coveredComponents = parseInnerList(innerListContent);\n\n // Parse parameters\n const rawParams = parseParameters(paramsString);\n\n const params: ParsedSignatureParams = {\n keyid: String(rawParams.keyid ?? ''),\n alg: String(rawParams.alg ?? ''),\n created: rawParams.created !== undefined ? Number(rawParams.created) : 0,\n coveredComponents,\n };\n\n if (rawParams.expires !== undefined) {\n params.expires = Number(rawParams.expires);\n }\n\n if (rawParams.nonce !== undefined) {\n params.nonce = String(rawParams.nonce);\n }\n\n if (rawParams.tag !== undefined) {\n params.tag = String(rawParams.tag);\n }\n\n return { label, params };\n}\n\n/**\n * Parse inner list content (space-separated quoted strings).\n */\nfunction parseInnerList(content: string): string[] {\n const items: string[] = [];\n const regex = /\"([^\"]*)\"/g;\n let match;\n while ((match = regex.exec(content)) !== null) {\n items.push(match[1]);\n }\n return items;\n}\n\n/**\n * Parse parameters from ;key=value;key2=value2 format.\n */\nfunction parseParameters(paramsString: string): Record<string, string | number> {\n const params: Record<string, string | number> = {};\n\n // Split by semicolon\n const parts = paramsString.split(';').filter((p) => p.trim());\n\n for (const part of parts) {\n const [key, value] = splitKeyValue(part.trim());\n if (!key) continue;\n\n // Parse value - could be integer, string, or token\n if (!value) {\n params[key] = true as unknown as string;\n } else if (value.startsWith('\"') && value.endsWith('\"')) {\n // Quoted string\n params[key] = value.slice(1, -1);\n } else if (/^-?\\d+$/.test(value)) {\n // Integer\n params[key] = parseInt(value, 10);\n } else {\n // Token or other\n params[key] = value;\n }\n }\n\n return params;\n}\n\n/**\n * Decode base64 (standard or URL-safe) to bytes.\n */\nfunction base64ToBytes(base64: string): Uint8Array {\n // Handle URL-safe base64\n const normalized = base64.replace(/-/g, '+').replace(/_/g, '/');\n\n // Add padding if needed\n const padded = normalized.padEnd(normalized.length + ((4 - (normalized.length % 4)) % 4), '=');\n\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n","/**\n * Signature base construction per RFC 9421 Section 2.5.\n *\n * The signature base is a canonical string constructed from\n * covered components and signature parameters.\n */\n\nimport { ParsedSignatureParams, SignatureRequest } from './types.js';\n\n/**\n * Build signature base string for verification.\n *\n * @param request - Request data\n * @param params - Parsed signature parameters\n * @returns Signature base string\n */\nexport function buildSignatureBase(\n request: SignatureRequest,\n params: ParsedSignatureParams\n): string {\n const lines: string[] = [];\n\n // Add each covered component\n for (const component of params.coveredComponents) {\n const value = getComponentValue(request, component);\n lines.push(`\"${component}\": ${value}`);\n }\n\n // Add signature params line\n const paramsLine = buildSignatureParamsLine(params);\n lines.push(`\"@signature-params\": ${paramsLine}`);\n\n return lines.join('\\n');\n}\n\n/**\n * Get the canonical value for a component identifier.\n */\nfunction getComponentValue(request: SignatureRequest, component: string): string {\n // Derived components start with @\n if (component.startsWith('@')) {\n return getDerivedComponentValue(request, component);\n }\n\n // Otherwise it's a header field\n return getHeaderValue(request.headers, component);\n}\n\n/**\n * Get derived component value.\n */\nfunction getDerivedComponentValue(request: SignatureRequest, component: string): string {\n switch (component) {\n case '@method':\n return request.method.toUpperCase();\n\n case '@target-uri':\n return request.url;\n\n case '@authority': {\n try {\n const url = new URL(request.url);\n return url.host;\n } catch {\n // If URL parsing fails, try to extract from headers\n return getHeaderValue(request.headers, 'host');\n }\n }\n\n case '@scheme': {\n try {\n const url = new URL(request.url);\n return url.protocol.replace(':', '');\n } catch {\n return 'https';\n }\n }\n\n case '@request-target': {\n try {\n const url = new URL(request.url);\n return url.pathname + url.search;\n } catch {\n // If not a full URL, assume it's already a path\n return request.url;\n }\n }\n\n case '@path': {\n try {\n const url = new URL(request.url);\n return url.pathname;\n } catch {\n const pathMatch = request.url.match(/^[^?]*/);\n return pathMatch ? pathMatch[0] : request.url;\n }\n }\n\n case '@query': {\n try {\n const url = new URL(request.url);\n return url.search || '?';\n } catch {\n const queryMatch = request.url.match(/\\?.*/);\n return queryMatch ? queryMatch[0] : '?';\n }\n }\n\n default:\n // Unknown derived component - return empty\n return '';\n }\n}\n\n/**\n * Get header value by name (case-insensitive).\n */\nfunction getHeaderValue(headers: Record<string, string>, name: string): string {\n const lowerName = name.toLowerCase();\n\n for (const [key, value] of Object.entries(headers)) {\n if (key.toLowerCase() === lowerName) {\n return value;\n }\n }\n\n return '';\n}\n\n/**\n * Build the signature-params line value.\n *\n * Format: (\"component1\" \"component2\");created=123;keyid=\"key\";alg=\"ed25519\"\n */\nfunction buildSignatureParamsLine(params: ParsedSignatureParams): string {\n // Build inner list of components\n const components = params.coveredComponents.map((c) => `\"${c}\"`).join(' ');\n let line = `(${components})`;\n\n // Add required parameters in canonical order\n line += `;created=${params.created}`;\n\n if (params.expires !== undefined) {\n line += `;expires=${params.expires}`;\n }\n\n if (params.nonce !== undefined) {\n line += `;nonce=\"${params.nonce}\"`;\n }\n\n line += `;keyid=\"${params.keyid}\"`;\n line += `;alg=\"${params.alg}\"`;\n\n if (params.tag !== undefined) {\n line += `;tag=\"${params.tag}\"`;\n }\n\n return line;\n}\n\n/**\n * Convert signature base string to bytes for cryptographic verification.\n */\nexport function signatureBaseToBytes(signatureBase: string): Uint8Array {\n const encoder = new TextEncoder();\n return encoder.encode(signatureBase);\n}\n","/**\n * HTTP Message Signature verification.\n *\n * Runtime-neutral verification using SignatureVerifier function type.\n * WebCrypto is used internally but NOT exposed in public API.\n */\n\nimport {\n SignatureVerifier,\n KeyResolver,\n SignatureRequest,\n VerifyOptions,\n VerificationResult,\n ParsedSignatureParams,\n} from './types.js';\nimport { parseSignature } from './parser.js';\nimport { buildSignatureBase, signatureBaseToBytes } from './base.js';\nimport { ErrorCodes, HttpSignatureError } from './errors.js';\n\n/**\n * Verify an HTTP Message Signature.\n *\n * @param request - Request data with headers\n * @param options - Verification options including key resolver\n * @returns Verification result\n */\nexport async function verifySignature(\n request: SignatureRequest,\n options: VerifyOptions\n): Promise<VerificationResult> {\n const { keyResolver, now = Math.floor(Date.now() / 1000), clockSkewSeconds = 60 } = options;\n\n try {\n // Get signature headers\n const signatureInput = getHeader(request.headers, 'signature-input');\n const signature = getHeader(request.headers, 'signature');\n\n // Parse signature\n const parsed = parseSignature(signatureInput, signature, options.label);\n\n // Validate algorithm\n if (parsed.params.alg !== 'ed25519') {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_ALGORITHM_UNSUPPORTED,\n `Unsupported algorithm: ${parsed.params.alg} (only ed25519 is supported)`\n );\n }\n\n // Validate time constraints\n validateTimeConstraints(parsed.params, now, clockSkewSeconds);\n\n // Resolve key\n const verifier = await keyResolver(parsed.params.keyid);\n if (!verifier) {\n throw new HttpSignatureError(\n ErrorCodes.KEY_NOT_FOUND,\n `Key not found: ${parsed.params.keyid}`\n );\n }\n\n // Build signature base\n const signatureBase = buildSignatureBase(request, parsed.params);\n const signatureBaseBytes = signatureBaseToBytes(signatureBase);\n\n // Verify signature\n const valid = await verifier(signatureBaseBytes, parsed.signatureBytes);\n\n if (!valid) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_INVALID, 'Signature verification failed');\n }\n\n return {\n valid: true,\n signature: parsed,\n };\n } catch (error) {\n if (error instanceof HttpSignatureError) {\n return {\n valid: false,\n errorCode: error.code,\n errorMessage: error.message,\n };\n }\n throw error;\n }\n}\n\n/**\n * Validate time constraints on signature parameters.\n */\nfunction validateTimeConstraints(\n params: ParsedSignatureParams,\n now: number,\n clockSkewSeconds: number\n): void {\n // Check if signature is from the future (with skew tolerance)\n if (isCreatedInFuture(params, now, clockSkewSeconds)) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_FUTURE,\n `Signature created in future: ${params.created} > ${now + clockSkewSeconds}`\n );\n }\n\n // Check if signature is expired\n if (isExpired(params, now)) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_EXPIRED,\n `Signature expired: ${params.expires} < ${now}`\n );\n }\n}\n\n/**\n * Check if signature is expired.\n *\n * @param params - Parsed signature parameters\n * @param now - Current Unix timestamp (defaults to current time)\n * @returns true if signature is expired\n */\nexport function isExpired(\n params: ParsedSignatureParams,\n now: number = Math.floor(Date.now() / 1000)\n): boolean {\n if (params.expires === undefined) {\n return false;\n }\n return now > params.expires;\n}\n\n/**\n * Check if signature was created in the future (accounting for clock skew).\n *\n * @param params - Parsed signature parameters\n * @param now - Current Unix timestamp (defaults to current time)\n * @param skewSeconds - Allowed clock skew in seconds (defaults to 60)\n * @returns true if signature is from the future\n */\nexport function isCreatedInFuture(\n params: ParsedSignatureParams,\n now: number = Math.floor(Date.now() / 1000),\n skewSeconds: number = 60\n): boolean {\n return params.created > now + skewSeconds;\n}\n\n/**\n * Check if Ed25519 WebCrypto is supported in current runtime.\n *\n * @returns true if Ed25519 WebCrypto is available\n */\nexport async function isEd25519WebCryptoSupported(): Promise<boolean> {\n try {\n // Try to generate a key pair to test support\n const keyPair = await globalThis.crypto.subtle.generateKey('Ed25519', false, [\n 'sign',\n 'verify',\n ]);\n return keyPair !== null;\n } catch {\n return false;\n }\n}\n\n/**\n * Create a SignatureVerifier from a WebCrypto CryptoKey.\n *\n * This is a helper for consumers who have CryptoKey objects.\n * The function is runtime-neutral as it accepts unknown and casts internally.\n *\n * @param key - WebCrypto CryptoKey (passed as unknown for runtime neutrality)\n * @returns SignatureVerifier function\n */\nexport function createWebCryptoVerifier(key: unknown): SignatureVerifier {\n return async (data: Uint8Array, signature: Uint8Array): Promise<boolean> => {\n // Create proper ArrayBuffer views to satisfy TypeScript\n const sigBuffer = new Uint8Array(signature).buffer;\n const dataBuffer = new Uint8Array(data).buffer;\n\n // Use type from the actual WebCrypto API to avoid DOM type dependency\n type VerifyKey = Parameters<typeof globalThis.crypto.subtle.verify>[1];\n\n return globalThis.crypto.subtle.verify('Ed25519', key as VerifyKey, sigBuffer, dataBuffer);\n };\n}\n\n/**\n * Get header value by name (case-insensitive).\n */\nfunction getHeader(headers: Record<string, string>, name: string): string {\n const lowerName = name.toLowerCase();\n for (const [key, value] of Object.entries(headers)) {\n if (key.toLowerCase() === lowerName) {\n return value;\n }\n }\n return '';\n}\n"]}
1
+ {"version":3,"sources":["../src/errors.ts","../src/parser.ts","../src/base.ts","../src/verify.ts"],"names":[],"mappings":";;;AAIO,IAAM,UAAA,GAAa;AAAA;AAAA,EAExB,yBAAA,EAA2B,6BAAA;AAAA;AAAA,EAE3B,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,uBAAA,EAAyB,2BAAA;AAAA;AAAA,EAEzB,+BAAA,EAAiC,mCAAA;AAAA;AAAA,EAEjC,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,gBAAA,EAAkB,oBAAA;AAAA;AAAA,EAElB,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,qBAAA,EAAuB,yBAAA;AAAA;AAAA,EAEvB,aAAA,EAAe;AACjB;AAOO,IAAM,eAAA,GAA6C;AAAA,EACxD,CAAC,UAAA,CAAW,yBAAyB,GAAG,GAAA;AAAA,EACxC,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,uBAAuB,GAAG,GAAA;AAAA,EACtC,CAAC,UAAA,CAAW,+BAA+B,GAAG,GAAA;AAAA,EAC9C,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,gBAAgB,GAAG,GAAA;AAAA,EAC/B,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,qBAAqB,GAAG,GAAA;AAAA,EACpC,CAAC,UAAA,CAAW,aAAa,GAAG;AAC9B;AAKO,IAAM,kBAAA,GAAN,cAAiC,KAAA,CAAM;AAAA,EACnC,IAAA;AAAA,EACA,UAAA;AAAA,EAET,WAAA,CAAY,MAAiB,OAAA,EAAiB;AAC5C,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,gBAAgB,IAAI,CAAA;AAAA,EACxC;AACF;;;ACrCO,SAAS,oBAAoB,WAAA,EAAyD;AAC3F,EAAA,MAAM,OAAA,uBAAc,GAAA,EAAmC;AAGvD,EAAA,MAAM,OAAA,GAAU,uBAAuB,WAAW,CAAA;AAElD,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,MAAA,GAAS,qBAAA,CAAsB,MAAA,CAAO,IAAA,EAAM,CAAA;AAClD,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,KAAA,EAAO,MAAA,CAAO,MAAM,CAAA;AAAA,IACzC;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAUO,SAAS,qBACd,WAAA,EACoD;AACpD,EAAA,MAAM,OAAA,uBAAc,GAAA,EAAmD;AAEvE,EAAA,MAAM,OAAA,GAAU,uBAAuB,WAAW,CAAA;AAElD,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,CAAC,KAAA,EAAO,KAAK,IAAI,aAAA,CAAc,MAAA,CAAO,MAAM,CAAA;AAClD,IAAA,IAAI,CAAC,KAAA,IAAS,CAAC,KAAA,EAAO;AAGtB,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,yBAAyB,CAAA;AACnD,IAAA,IAAI,CAAC,KAAA,EAAO;AAEZ,IAAA,MAAM,MAAA,GAAS,MAAM,CAAC,CAAA;AACtB,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,cAAc,MAAM,CAAA;AAClC,MAAA,OAAA,CAAQ,GAAA,CAAI,KAAA,EAAO,EAAE,KAAA,EAAO,QAAQ,CAAA;AAAA,IACtC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAUO,SAAS,cAAA,CACd,cAAA,EACA,SAAA,EACA,KAAA,EACiB;AACjB,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,iBAAA,EAAmB,0BAA0B,CAAA;AAAA,EACvF;AAEA,EAAA,MAAM,QAAA,GAAW,oBAAoB,cAAc,CAAA;AACnD,EAAA,MAAM,MAAA,GAAS,qBAAqB,SAAS,CAAA;AAE7C,EAAA,IAAI,QAAA,CAAS,SAAS,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAGA,EAAA,MAAM,cAAc,KAAA,IAAS,QAAA,CAAS,IAAA,EAAK,CAAE,MAAK,CAAE,KAAA;AACpD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,yBAAA,EAA2B,0BAA0B,CAAA;AAAA,EAC/F;AAEA,EAAA,MAAM,MAAA,GAAS,QAAA,CAAS,GAAA,CAAI,WAAW,CAAA;AACvC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX,oBAAoB,WAAW,CAAA,8BAAA;AAAA,KACjC;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,GAAA,CAAI,WAAW,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,iBAAA;AAAA,MACX,oBAAoB,WAAW,CAAA,+BAAA;AAAA,KACjC;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,OAAO,GAAA,EAAK;AACf,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,CAAO,OAAA,KAAY,MAAA,IAAa,MAAA,CAAO,YAAY,IAAA,EAAM;AAC3D,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,WAAA;AAAA,IACP,MAAA;AAAA,IACA,gBAAgB,OAAA,CAAQ,KAAA;AAAA,IACxB,iBAAiB,OAAA,CAAQ;AAAA,GAC3B;AACF;AAOA,SAAS,uBAAuB,KAAA,EAAyB;AACvD,EAAA,MAAM,UAAoB,EAAC;AAC3B,EAAA,IAAI,OAAA,GAAU,EAAA;AACd,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,IAAI,QAAA,GAAW,KAAA;AACf,EAAA,IAAI,SAAA,GAAY,KAAA;AAEhB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AAEpB,IAAA,IAAI,IAAA,KAAS,GAAA,IAAO,CAAC,SAAA,EAAW;AAC9B,MAAA,QAAA,GAAW,CAAC,QAAA;AACZ,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,CAAA,MAAA,IAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,EAAU;AACpC,MAAA,SAAA,GAAY,CAAC,SAAA;AACb,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,WAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AAClD,MAAA,KAAA,EAAA;AACA,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,WAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AAClD,MAAA,KAAA,EAAA;AACA,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,CAAA,MAAA,IAAW,SAAS,GAAA,IAAO,KAAA,KAAU,KAAK,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AACjE,MAAA,IAAI,OAAA,CAAQ,MAAK,EAAG;AAClB,QAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,CAAA;AAAA,MAC7B;AACA,MAAA,OAAA,GAAU,EAAA;AAAA,IACZ,CAAA,MAAO;AACL,MAAA,OAAA,IAAW,IAAA;AAAA,IACb;AAAA,EACF;AAEA,EAAA,IAAI,OAAA,CAAQ,MAAK,EAAG;AAClB,IAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,CAAA;AAAA,EAC7B;AAEA,EAAA,OAAO,OAAA;AACT;AAKA,SAAS,cAAc,MAAA,EAAkC;AACvD,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,YAAY,EAAA,EAAI;AAClB,IAAA,OAAO,CAAC,QAAQ,EAAE,CAAA;AAAA,EACpB;AACA,EAAA,OAAO,CAAC,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,OAAO,GAAG,MAAA,CAAO,KAAA,CAAM,OAAA,GAAU,CAAC,CAAC,CAAA;AAC7D;AAKA,SAAS,sBACP,MAAA,EACyD;AACzD,EAAA,MAAM,CAAC,KAAA,EAAO,IAAI,CAAA,GAAI,cAAc,MAAM,CAAA;AAC1C,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,IAAA,EAAM,OAAO,IAAA;AAI5B,EAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,KAAA,CAAM,mBAAmB,CAAA;AACrD,EAAA,IAAI,CAAC,gBAAgB,OAAO,IAAA;AAE5B,EAAA,MAAM,gBAAA,GAAmB,eAAe,CAAC,CAAA;AACzC,EAAA,MAAM,YAAA,GAAe,eAAe,CAAC,CAAA;AAGrC,EAAA,MAAM,iBAAA,GAAoB,eAAe,gBAAgB,CAAA;AAGzD,EAAA,MAAM,SAAA,GAAY,gBAAgB,YAAY,CAAA;AAE9C,EAAA,MAAM,MAAA,GAAgC;AAAA,IACpC,KAAA,EAAO,MAAA,CAAO,SAAA,CAAU,KAAA,IAAS,EAAE,CAAA;AAAA,IACnC,GAAA,EAAK,MAAA,CAAO,SAAA,CAAU,GAAA,IAAO,EAAE,CAAA;AAAA,IAC/B,SAAS,SAAA,CAAU,OAAA,KAAY,SAAY,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA,GAAI,CAAA;AAAA,IACvE;AAAA,GACF;AAEA,EAAA,IAAI,SAAA,CAAU,YAAY,MAAA,EAAW;AACnC,IAAA,MAAA,CAAO,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA;AAAA,EAC3C;AAEA,EAAA,IAAI,SAAA,CAAU,UAAU,MAAA,EAAW;AACjC,IAAA,MAAA,CAAO,KAAA,GAAQ,MAAA,CAAO,SAAA,CAAU,KAAK,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,SAAA,CAAU,QAAQ,MAAA,EAAW;AAC/B,IAAA,MAAA,CAAO,GAAA,GAAM,MAAA,CAAO,SAAA,CAAU,GAAG,CAAA;AAAA,EACnC;AAEA,EAAA,OAAO,EAAE,OAAO,MAAA,EAAO;AACzB;AAKA,SAAS,eAAe,OAAA,EAA2B;AACjD,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,MAAM,KAAA,GAAQ,YAAA;AACd,EAAA,IAAI,KAAA;AACJ,EAAA,OAAA,CAAQ,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,OAAO,OAAO,IAAA,EAAM;AAC7C,IAAA,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACrB;AACA,EAAA,OAAO,KAAA;AACT;AAKA,SAAS,gBAAgB,YAAA,EAAuD;AAC9E,EAAA,MAAM,SAA0C,EAAC;AAGjD,EAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,KAAA,CAAM,GAAG,CAAA,CAAE,OAAO,CAAC,CAAA,KAAM,CAAA,CAAE,IAAA,EAAM,CAAA;AAE5D,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,CAAC,GAAA,EAAK,KAAK,IAAI,aAAA,CAAc,IAAA,CAAK,MAAM,CAAA;AAC9C,IAAA,IAAI,CAAC,GAAA,EAAK;AAGV,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,IAAA;AAAA,IAChB,CAAA,MAAA,IAAW,MAAM,UAAA,CAAW,GAAG,KAAK,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAEvD,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA,CAAM,KAAA,CAAM,GAAG,EAAE,CAAA;AAAA,IACjC,CAAA,MAAA,IAAW,SAAA,CAAU,IAAA,CAAK,KAAK,CAAA,EAAG;AAEhC,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,QAAA,CAAS,KAAA,EAAO,EAAE,CAAA;AAAA,IAClC,CAAA,MAAO;AAEL,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA;AAAA,IAChB;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAKA,SAAS,cAAc,MAAA,EAA4B;AAEjD,EAAA,MAAM,UAAA,GAAa,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAG9D,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,MAAA,CAAO,UAAA,CAAW,MAAA,GAAA,CAAW,IAAK,UAAA,CAAW,MAAA,GAAS,CAAA,IAAM,CAAA,EAAI,GAAG,CAAA;AAE7F,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA;AACT;;;AC3SO,SAAS,kBAAA,CACd,SACA,MAAA,EACQ;AACR,EAAA,MAAM,QAAkB,EAAC;AAGzB,EAAA,KAAA,MAAW,SAAA,IAAa,OAAO,iBAAA,EAAmB;AAChD,IAAA,MAAM,KAAA,GAAQ,iBAAA,CAAkB,OAAA,EAAS,SAAS,CAAA;AAClD,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,CAAA,EAAI,SAAS,CAAA,GAAA,EAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EACvC;AAGA,EAAA,MAAM,UAAA,GAAa,yBAAyB,MAAM,CAAA;AAClD,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,qBAAA,EAAwB,UAAU,CAAA,CAAE,CAAA;AAE/C,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAKA,SAAS,iBAAA,CAAkB,SAA2B,SAAA,EAA2B;AAE/E,EAAA,IAAI,SAAA,CAAU,UAAA,CAAW,GAAG,CAAA,EAAG;AAC7B,IAAA,OAAO,wBAAA,CAAyB,SAAS,SAAS,CAAA;AAAA,EACpD;AAGA,EAAA,OAAO,cAAA,CAAe,OAAA,CAAQ,OAAA,EAAS,SAAS,CAAA;AAClD;AAKA,SAAS,wBAAA,CAAyB,SAA2B,SAAA,EAA2B;AACtF,EAAA,QAAQ,SAAA;AAAW,IACjB,KAAK,SAAA;AACH,MAAA,OAAO,OAAA,CAAQ,OAAO,WAAA,EAAY;AAAA,IAEpC,KAAK,aAAA;AACH,MAAA,OAAO,OAAA,CAAQ,GAAA;AAAA,IAEjB,KAAK,YAAA,EAAc;AACjB,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,IAAA;AAAA,MACb,CAAA,CAAA,MAAQ;AAEN,QAAA,OAAO,cAAA,CAAe,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAA;AAAA,MAC/C;AAAA,IACF;AAAA,IAEA,KAAK,SAAA,EAAW;AACd,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAAA,MACrC,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,OAAA;AAAA,MACT;AAAA,IACF;AAAA,IAEA,KAAK,iBAAA,EAAmB;AACtB,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,WAAW,GAAA,CAAI,MAAA;AAAA,MAC5B,CAAA,CAAA,MAAQ;AAEN,QAAA,OAAO,OAAA,CAAQ,GAAA;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,KAAK,OAAA,EAAS;AACZ,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,QAAA;AAAA,MACb,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,QAAQ,CAAA;AAC5C,QAAA,OAAO,SAAA,GAAY,SAAA,CAAU,CAAC,CAAA,GAAI,OAAA,CAAQ,GAAA;AAAA,MAC5C;AAAA,IACF;AAAA,IAEA,KAAK,QAAA,EAAU;AACb,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,IAAI,MAAA,IAAU,GAAA;AAAA,MACvB,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,MAAM,CAAA;AAC3C,QAAA,OAAO,UAAA,GAAa,UAAA,CAAW,CAAC,CAAA,GAAI,GAAA;AAAA,MACtC;AAAA,IACF;AAAA,IAEA;AAEE,MAAA,OAAO,EAAA;AAAA;AAEb;AAKA,SAAS,cAAA,CAAe,SAAiC,IAAA,EAAsB;AAC7E,EAAA,MAAM,SAAA,GAAY,KAAK,WAAA,EAAY;AAEnC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,SAAA,EAAW;AACnC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,EAAA;AACT;AAOA,SAAS,yBAAyB,MAAA,EAAuC;AAEvE,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,iBAAA,CAAkB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA,CAAG,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA;AACzE,EAAA,IAAI,IAAA,GAAO,IAAI,UAAU,CAAA,CAAA,CAAA;AAGzB,EAAA,IAAA,IAAQ,CAAA,SAAA,EAAY,OAAO,OAAO,CAAA,CAAA;AAElC,EAAA,IAAI,MAAA,CAAO,YAAY,MAAA,EAAW;AAChC,IAAA,IAAA,IAAQ,CAAA,SAAA,EAAY,OAAO,OAAO,CAAA,CAAA;AAAA,EACpC;AAEA,EAAA,IAAI,MAAA,CAAO,UAAU,MAAA,EAAW;AAC9B,IAAA,IAAA,IAAQ,CAAA,QAAA,EAAW,OAAO,KAAK,CAAA,CAAA,CAAA;AAAA,EACjC;AAEA,EAAA,IAAA,IAAQ,CAAA,QAAA,EAAW,OAAO,KAAK,CAAA,CAAA,CAAA;AAC/B,EAAA,IAAA,IAAQ,CAAA,MAAA,EAAS,OAAO,GAAG,CAAA,CAAA,CAAA;AAE3B,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IAAA,IAAQ,CAAA,MAAA,EAAS,OAAO,GAAG,CAAA,CAAA,CAAA;AAAA,EAC7B;AAEA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,qBAAqB,aAAA,EAAmC;AACtE,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,OAAO,OAAA,CAAQ,OAAO,aAAa,CAAA;AACrC;;;AC5IA,eAAsB,eAAA,CACpB,SACA,OAAA,EAC6B;AAC7B,EAAA,MAAM,EAAE,WAAA,EAAa,GAAA,GAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAAG,gBAAA,GAAmB,EAAA,EAAG,GAAI,OAAA;AAEpF,EAAA,IAAI;AAEF,IAAA,MAAM,cAAA,GAAiB,SAAA,CAAU,OAAA,CAAQ,OAAA,EAAS,iBAAiB,CAAA;AACnE,IAAA,MAAM,SAAA,GAAY,SAAA,CAAU,OAAA,CAAQ,OAAA,EAAS,WAAW,CAAA;AAGxD,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,cAAA,EAAgB,SAAA,EAAW,QAAQ,KAAK,CAAA;AAGtE,IAAA,IAAI,MAAA,CAAO,MAAA,CAAO,GAAA,KAAQ,SAAA,EAAW;AACnC,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,UAAA,CAAW,+BAAA;AAAA,QACX,CAAA,uBAAA,EAA0B,MAAA,CAAO,MAAA,CAAO,GAAG,CAAA,4BAAA;AAAA,OAC7C;AAAA,IACF;AAGA,IAAA,uBAAA,CAAwB,MAAA,CAAO,MAAA,EAAQ,GAAA,EAAK,gBAAgB,CAAA;AAG5D,IAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,MAAA,CAAO,OAAO,KAAK,CAAA;AACtD,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,UAAA,CAAW,aAAA;AAAA,QACX,CAAA,eAAA,EAAkB,MAAA,CAAO,MAAA,CAAO,KAAK,CAAA;AAAA,OACvC;AAAA,IACF;AAGA,IAAA,MAAM,aAAA,GAAgB,kBAAA,CAAmB,OAAA,EAAS,MAAA,CAAO,MAAM,CAAA;AAC/D,IAAA,MAAM,kBAAA,GAAqB,qBAAqB,aAAa,CAAA;AAG7D,IAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,kBAAA,EAAoB,OAAO,cAAc,CAAA;AAEtE,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,iBAAA,EAAmB,+BAA+B,CAAA;AAAA,IAC5F;AAEA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,IAAA;AAAA,MACP,SAAA,EAAW;AAAA,KACb;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,IAAI,iBAAiB,kBAAA,EAAoB;AACvC,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,WAAW,KAAA,CAAM,IAAA;AAAA,QACjB,cAAc,KAAA,CAAM;AAAA,OACtB;AAAA,IACF;AACA,IAAA,MAAM,KAAA;AAAA,EACR;AACF;AAKA,SAAS,uBAAA,CACP,MAAA,EACA,GAAA,EACA,gBAAA,EACM;AAEN,EAAA,IAAI,iBAAA,CAAkB,MAAA,EAAQ,GAAA,EAAK,gBAAgB,CAAA,EAAG;AACpD,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,gBAAA;AAAA,MACX,CAAA,6BAAA,EAAgC,MAAA,CAAO,OAAO,CAAA,GAAA,EAAM,MAAM,gBAAgB,CAAA;AAAA,KAC5E;AAAA,EACF;AAGA,EAAA,IAAI,SAAA,CAAU,MAAA,EAAQ,GAAG,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,iBAAA;AAAA,MACX,CAAA,mBAAA,EAAsB,MAAA,CAAO,OAAO,CAAA,GAAA,EAAM,GAAG,CAAA;AAAA,KAC/C;AAAA,EACF;AACF;AASO,SAAS,SAAA,CACd,QACA,GAAA,GAAc,IAAA,CAAK,MAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EACjC;AACT,EAAA,IAAI,MAAA,CAAO,YAAY,MAAA,EAAW;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,MAAM,MAAA,CAAO,OAAA;AACtB;AAUO,SAAS,iBAAA,CACd,MAAA,EACA,GAAA,GAAc,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAC1C,WAAA,GAAsB,EAAA,EACb;AACT,EAAA,OAAO,MAAA,CAAO,UAAU,GAAA,GAAM,WAAA;AAChC;AAOA,eAAsB,2BAAA,GAAgD;AACpE,EAAA,IAAI;AAEF,IAAA,MAAM,UAAU,MAAM,UAAA,CAAW,OAAO,MAAA,CAAO,WAAA,CAAY,WAAW,KAAA,EAAO;AAAA,MAC3E,MAAA;AAAA,MACA;AAAA,KACD,CAAA;AACD,IAAA,OAAO,OAAA,KAAY,IAAA;AAAA,EACrB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAWO,SAAS,wBAAwB,GAAA,EAAiC;AACvE,EAAA,OAAO,OAAO,MAAkB,SAAA,KAA4C;AAE1E,IAAA,MAAM,SAAA,GAAY,IAAI,UAAA,CAAW,SAAS,CAAA,CAAE,MAAA;AAC5C,IAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,IAAI,CAAA,CAAE,MAAA;AAKxC,IAAA,OAAO,WAAW,MAAA,CAAO,MAAA,CAAO,OAAO,SAAA,EAAW,GAAA,EAAkB,WAAW,UAAU,CAAA;AAAA,EAC3F,CAAA;AACF;AAKA,SAAS,SAAA,CAAU,SAAiC,IAAA,EAAsB;AACxE,EAAA,MAAM,SAAA,GAAY,KAAK,WAAA,EAAY;AACnC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,SAAA,EAAW;AACnC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,EAAA;AACT","file":"index.cjs","sourcesContent":["/**\n * HTTP Signature error codes per execution pack specification.\n */\n\nexport const ErrorCodes = {\n /** Signature-Input header parse failed */\n SIGNATURE_INPUT_MALFORMED: 'E_SIGNATURE_INPUT_MALFORMED',\n /** No Signature header present */\n SIGNATURE_MISSING: 'E_SIGNATURE_MISSING',\n /** Required param (created/keyid/alg) missing */\n SIGNATURE_PARAM_MISSING: 'E_SIGNATURE_PARAM_MISSING',\n /** Algorithm not ed25519 */\n SIGNATURE_ALGORITHM_UNSUPPORTED: 'E_SIGNATURE_ALGORITHM_UNSUPPORTED',\n /** Signature expired (now > expires) */\n SIGNATURE_EXPIRED: 'E_SIGNATURE_EXPIRED',\n /** Signature from future (created > now + skew) */\n SIGNATURE_FUTURE: 'E_SIGNATURE_FUTURE',\n /** Cryptographic verification failed */\n SIGNATURE_INVALID: 'E_SIGNATURE_INVALID',\n /** Ed25519 WebCrypto not supported */\n WEBCRYPTO_UNAVAILABLE: 'E_WEBCRYPTO_UNAVAILABLE',\n /** Key not found by resolver */\n KEY_NOT_FOUND: 'E_KEY_NOT_FOUND',\n} as const;\n\nexport type ErrorCode = (typeof ErrorCodes)[keyof typeof ErrorCodes];\n\n/**\n * HTTP status codes for each error.\n */\nexport const ErrorHttpStatus: Record<ErrorCode, number> = {\n [ErrorCodes.SIGNATURE_INPUT_MALFORMED]: 400,\n [ErrorCodes.SIGNATURE_MISSING]: 401,\n [ErrorCodes.SIGNATURE_PARAM_MISSING]: 400,\n [ErrorCodes.SIGNATURE_ALGORITHM_UNSUPPORTED]: 400,\n [ErrorCodes.SIGNATURE_EXPIRED]: 401,\n [ErrorCodes.SIGNATURE_FUTURE]: 401,\n [ErrorCodes.SIGNATURE_INVALID]: 401,\n [ErrorCodes.WEBCRYPTO_UNAVAILABLE]: 500,\n [ErrorCodes.KEY_NOT_FOUND]: 401,\n};\n\n/**\n * HTTP Signature error with code and HTTP status.\n */\nexport class HttpSignatureError extends Error {\n readonly code: ErrorCode;\n readonly httpStatus: number;\n\n constructor(code: ErrorCode, message: string) {\n super(message);\n this.name = 'HttpSignatureError';\n this.code = code;\n this.httpStatus = ErrorHttpStatus[code];\n }\n}\n","/**\n * Parser for RFC 9421 Signature-Input and Signature headers.\n *\n * Implements minimal RFC 9651 Structured Fields parsing for\n * Dictionary and Inner List types as needed by HTTP Signatures.\n */\n\nimport { ParsedSignatureParams, ParsedSignature } from './types.js';\nimport { ErrorCodes, HttpSignatureError } from './errors.js';\n\n/**\n * Parse Signature-Input header value into structured parameters.\n *\n * Format: label=(\"component1\" \"component2\");param1=value1;param2=value2\n *\n * @param headerValue - Raw Signature-Input header value\n * @returns Map of label to parsed parameters\n */\nexport function parseSignatureInput(headerValue: string): Map<string, ParsedSignatureParams> {\n const results = new Map<string, ParsedSignatureParams>();\n\n // Split by comma for multiple signatures (outer dictionary members)\n const members = splitDictionaryMembers(headerValue);\n\n for (const member of members) {\n const parsed = parseDictionaryMember(member.trim());\n if (parsed) {\n results.set(parsed.label, parsed.params);\n }\n }\n\n return results;\n}\n\n/**\n * Parse Signature header value into raw signature bytes.\n *\n * Format: label=:base64signature:\n *\n * @param headerValue - Raw Signature header value\n * @returns Map of label to signature bytes\n */\nexport function parseSignatureHeader(\n headerValue: string\n): Map<string, { bytes: Uint8Array; base64: string }> {\n const results = new Map<string, { bytes: Uint8Array; base64: string }>();\n\n const members = splitDictionaryMembers(headerValue);\n\n for (const member of members) {\n const [label, value] = splitKeyValue(member.trim());\n if (!label || !value) continue;\n\n // Extract base64 from :...: byte sequence format\n const match = value.match(/^:([A-Za-z0-9+/=_-]+):$/);\n if (!match) continue;\n\n const base64 = match[1];\n try {\n const bytes = base64ToBytes(base64);\n results.set(label, { bytes, base64 });\n } catch {\n // Skip invalid base64\n }\n }\n\n return results;\n}\n\n/**\n * Parse complete signature from both headers.\n *\n * @param signatureInput - Signature-Input header value\n * @param signature - Signature header value\n * @param label - Optional specific label to parse (defaults to first)\n * @returns Parsed signature or throws HttpSignatureError\n */\nexport function parseSignature(\n signatureInput: string,\n signature: string,\n label?: string\n): ParsedSignature {\n if (!signatureInput) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n 'Missing Signature-Input header'\n );\n }\n\n if (!signature) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_MISSING, 'Missing Signature header');\n }\n\n const inputMap = parseSignatureInput(signatureInput);\n const sigMap = parseSignatureHeader(signature);\n\n if (inputMap.size === 0) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n 'Failed to parse Signature-Input header'\n );\n }\n\n // Use specified label or first available\n const targetLabel = label ?? inputMap.keys().next().value;\n if (!targetLabel) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_INPUT_MALFORMED, 'No signature label found');\n }\n\n const params = inputMap.get(targetLabel);\n if (!params) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n `Signature label \"${targetLabel}\" not found in Signature-Input`\n );\n }\n\n const sigData = sigMap.get(targetLabel);\n if (!sigData) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_MISSING,\n `Signature label \"${targetLabel}\" not found in Signature header`\n );\n }\n\n // Validate required parameters\n if (!params.keyid) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: keyid'\n );\n }\n\n if (!params.alg) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: alg'\n );\n }\n\n if (params.created === undefined || params.created === null) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: created'\n );\n }\n\n return {\n label: targetLabel,\n params,\n signatureBytes: sigData.bytes,\n signatureBase64: sigData.base64,\n };\n}\n\n// --- Internal parsing helpers ---\n\n/**\n * Split dictionary members by comma, respecting inner lists and strings.\n */\nfunction splitDictionaryMembers(value: string): string[] {\n const members: string[] = [];\n let current = '';\n let depth = 0;\n let inString = false;\n let inByteSeq = false;\n\n for (let i = 0; i < value.length; i++) {\n const char = value[i];\n\n if (char === '\"' && !inByteSeq) {\n inString = !inString;\n current += char;\n } else if (char === ':' && !inString) {\n inByteSeq = !inByteSeq;\n current += char;\n } else if (char === '(' && !inString && !inByteSeq) {\n depth++;\n current += char;\n } else if (char === ')' && !inString && !inByteSeq) {\n depth--;\n current += char;\n } else if (char === ',' && depth === 0 && !inString && !inByteSeq) {\n if (current.trim()) {\n members.push(current.trim());\n }\n current = '';\n } else {\n current += char;\n }\n }\n\n if (current.trim()) {\n members.push(current.trim());\n }\n\n return members;\n}\n\n/**\n * Split a dictionary member into key=value pair.\n */\nfunction splitKeyValue(member: string): [string, string] {\n const eqIndex = member.indexOf('=');\n if (eqIndex === -1) {\n return [member, ''];\n }\n return [member.slice(0, eqIndex), member.slice(eqIndex + 1)];\n}\n\n/**\n * Parse a single dictionary member (label=inner-list;params).\n */\nfunction parseDictionaryMember(\n member: string\n): { label: string; params: ParsedSignatureParams } | null {\n const [label, rest] = splitKeyValue(member);\n if (!label || !rest) return null;\n\n // Parse inner list and parameters\n // Format: (\"component1\" \"component2\");param1=value1;param2=value2\n const innerListMatch = rest.match(/^\\(([^)]*)\\)(.*)$/);\n if (!innerListMatch) return null;\n\n const innerListContent = innerListMatch[1];\n const paramsString = innerListMatch[2];\n\n // Parse covered components from inner list\n const coveredComponents = parseInnerList(innerListContent);\n\n // Parse parameters\n const rawParams = parseParameters(paramsString);\n\n const params: ParsedSignatureParams = {\n keyid: String(rawParams.keyid ?? ''),\n alg: String(rawParams.alg ?? ''),\n created: rawParams.created !== undefined ? Number(rawParams.created) : 0,\n coveredComponents,\n };\n\n if (rawParams.expires !== undefined) {\n params.expires = Number(rawParams.expires);\n }\n\n if (rawParams.nonce !== undefined) {\n params.nonce = String(rawParams.nonce);\n }\n\n if (rawParams.tag !== undefined) {\n params.tag = String(rawParams.tag);\n }\n\n return { label, params };\n}\n\n/**\n * Parse inner list content (space-separated quoted strings).\n */\nfunction parseInnerList(content: string): string[] {\n const items: string[] = [];\n const regex = /\"([^\"]*)\"/g;\n let match;\n while ((match = regex.exec(content)) !== null) {\n items.push(match[1]);\n }\n return items;\n}\n\n/**\n * Parse parameters from ;key=value;key2=value2 format.\n */\nfunction parseParameters(paramsString: string): Record<string, string | number> {\n const params: Record<string, string | number> = {};\n\n // Split by semicolon\n const parts = paramsString.split(';').filter((p) => p.trim());\n\n for (const part of parts) {\n const [key, value] = splitKeyValue(part.trim());\n if (!key) continue;\n\n // Parse value - could be integer, string, or token\n if (!value) {\n params[key] = true as unknown as string;\n } else if (value.startsWith('\"') && value.endsWith('\"')) {\n // Quoted string\n params[key] = value.slice(1, -1);\n } else if (/^-?\\d+$/.test(value)) {\n // Integer\n params[key] = parseInt(value, 10);\n } else {\n // Token or other\n params[key] = value;\n }\n }\n\n return params;\n}\n\n/**\n * Decode base64 (standard or URL-safe) to bytes.\n */\nfunction base64ToBytes(base64: string): Uint8Array {\n // Handle URL-safe base64\n const normalized = base64.replace(/-/g, '+').replace(/_/g, '/');\n\n // Add padding if needed\n const padded = normalized.padEnd(normalized.length + ((4 - (normalized.length % 4)) % 4), '=');\n\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n","/**\n * Signature base construction per RFC 9421 Section 2.5.\n *\n * The signature base is a canonical string constructed from\n * covered components and signature parameters.\n */\n\nimport { ParsedSignatureParams, SignatureRequest } from './types.js';\n\n/**\n * Build signature base string for verification.\n *\n * @param request - Request data\n * @param params - Parsed signature parameters\n * @returns Signature base string\n */\nexport function buildSignatureBase(\n request: SignatureRequest,\n params: ParsedSignatureParams\n): string {\n const lines: string[] = [];\n\n // Add each covered component\n for (const component of params.coveredComponents) {\n const value = getComponentValue(request, component);\n lines.push(`\"${component}\": ${value}`);\n }\n\n // Add signature params line\n const paramsLine = buildSignatureParamsLine(params);\n lines.push(`\"@signature-params\": ${paramsLine}`);\n\n return lines.join('\\n');\n}\n\n/**\n * Get the canonical value for a component identifier.\n */\nfunction getComponentValue(request: SignatureRequest, component: string): string {\n // Derived components start with @\n if (component.startsWith('@')) {\n return getDerivedComponentValue(request, component);\n }\n\n // Otherwise it's a header field\n return getHeaderValue(request.headers, component);\n}\n\n/**\n * Get derived component value.\n */\nfunction getDerivedComponentValue(request: SignatureRequest, component: string): string {\n switch (component) {\n case '@method':\n return request.method.toUpperCase();\n\n case '@target-uri':\n return request.url;\n\n case '@authority': {\n try {\n const url = new URL(request.url);\n return url.host;\n } catch {\n // If URL parsing fails, try to extract from headers\n return getHeaderValue(request.headers, 'host');\n }\n }\n\n case '@scheme': {\n try {\n const url = new URL(request.url);\n return url.protocol.replace(':', '');\n } catch {\n return 'https';\n }\n }\n\n case '@request-target': {\n try {\n const url = new URL(request.url);\n return url.pathname + url.search;\n } catch {\n // If not a full URL, assume it's already a path\n return request.url;\n }\n }\n\n case '@path': {\n try {\n const url = new URL(request.url);\n return url.pathname;\n } catch {\n const pathMatch = request.url.match(/^[^?]*/);\n return pathMatch ? pathMatch[0] : request.url;\n }\n }\n\n case '@query': {\n try {\n const url = new URL(request.url);\n return url.search || '?';\n } catch {\n const queryMatch = request.url.match(/\\?.*/);\n return queryMatch ? queryMatch[0] : '?';\n }\n }\n\n default:\n // Unknown derived component - return empty\n return '';\n }\n}\n\n/**\n * Get header value by name (case-insensitive).\n */\nfunction getHeaderValue(headers: Record<string, string>, name: string): string {\n const lowerName = name.toLowerCase();\n\n for (const [key, value] of Object.entries(headers)) {\n if (key.toLowerCase() === lowerName) {\n return value;\n }\n }\n\n return '';\n}\n\n/**\n * Build the signature-params line value.\n *\n * Format: (\"component1\" \"component2\");created=123;keyid=\"key\";alg=\"ed25519\"\n */\nfunction buildSignatureParamsLine(params: ParsedSignatureParams): string {\n // Build inner list of components\n const components = params.coveredComponents.map((c) => `\"${c}\"`).join(' ');\n let line = `(${components})`;\n\n // Add required parameters in canonical order\n line += `;created=${params.created}`;\n\n if (params.expires !== undefined) {\n line += `;expires=${params.expires}`;\n }\n\n if (params.nonce !== undefined) {\n line += `;nonce=\"${params.nonce}\"`;\n }\n\n line += `;keyid=\"${params.keyid}\"`;\n line += `;alg=\"${params.alg}\"`;\n\n if (params.tag !== undefined) {\n line += `;tag=\"${params.tag}\"`;\n }\n\n return line;\n}\n\n/**\n * Convert signature base string to bytes for cryptographic verification.\n */\nexport function signatureBaseToBytes(signatureBase: string): Uint8Array {\n const encoder = new TextEncoder();\n return encoder.encode(signatureBase);\n}\n","/**\n * HTTP Message Signature verification.\n *\n * Runtime-neutral verification using SignatureVerifier function type.\n * WebCrypto is used internally but NOT exposed in public API.\n */\n\nimport {\n SignatureVerifier,\n KeyResolver,\n SignatureRequest,\n VerifyOptions,\n VerificationResult,\n ParsedSignatureParams,\n} from './types.js';\nimport { parseSignature } from './parser.js';\nimport { buildSignatureBase, signatureBaseToBytes } from './base.js';\nimport { ErrorCodes, HttpSignatureError } from './errors.js';\n\n/**\n * Verify an HTTP Message Signature.\n *\n * @param request - Request data with headers\n * @param options - Verification options including key resolver\n * @returns Verification result\n */\nexport async function verifySignature(\n request: SignatureRequest,\n options: VerifyOptions\n): Promise<VerificationResult> {\n const { keyResolver, now = Math.floor(Date.now() / 1000), clockSkewSeconds = 60 } = options;\n\n try {\n // Get signature headers\n const signatureInput = getHeader(request.headers, 'signature-input');\n const signature = getHeader(request.headers, 'signature');\n\n // Parse signature\n const parsed = parseSignature(signatureInput, signature, options.label);\n\n // Validate algorithm\n if (parsed.params.alg !== 'ed25519') {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_ALGORITHM_UNSUPPORTED,\n `Unsupported algorithm: ${parsed.params.alg} (only ed25519 is supported)`\n );\n }\n\n // Validate time constraints\n validateTimeConstraints(parsed.params, now, clockSkewSeconds);\n\n // Resolve key\n const verifier = await keyResolver(parsed.params.keyid);\n if (!verifier) {\n throw new HttpSignatureError(\n ErrorCodes.KEY_NOT_FOUND,\n `Key not found: ${parsed.params.keyid}`\n );\n }\n\n // Build signature base\n const signatureBase = buildSignatureBase(request, parsed.params);\n const signatureBaseBytes = signatureBaseToBytes(signatureBase);\n\n // Verify signature\n const valid = await verifier(signatureBaseBytes, parsed.signatureBytes);\n\n if (!valid) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_INVALID, 'Signature verification failed');\n }\n\n return {\n valid: true,\n signature: parsed,\n };\n } catch (error) {\n if (error instanceof HttpSignatureError) {\n return {\n valid: false,\n errorCode: error.code,\n errorMessage: error.message,\n };\n }\n throw error;\n }\n}\n\n/**\n * Validate time constraints on signature parameters.\n */\nfunction validateTimeConstraints(\n params: ParsedSignatureParams,\n now: number,\n clockSkewSeconds: number\n): void {\n // Check if signature is from the future (with skew tolerance)\n if (isCreatedInFuture(params, now, clockSkewSeconds)) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_FUTURE,\n `Signature created in future: ${params.created} > ${now + clockSkewSeconds}`\n );\n }\n\n // Check if signature is expired\n if (isExpired(params, now)) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_EXPIRED,\n `Signature expired: ${params.expires} < ${now}`\n );\n }\n}\n\n/**\n * Check if signature is expired.\n *\n * @param params - Parsed signature parameters\n * @param now - Current Unix timestamp (defaults to current time)\n * @returns true if signature is expired\n */\nexport function isExpired(\n params: ParsedSignatureParams,\n now: number = Math.floor(Date.now() / 1000)\n): boolean {\n if (params.expires === undefined) {\n return false;\n }\n return now > params.expires;\n}\n\n/**\n * Check if signature was created in the future (accounting for clock skew).\n *\n * @param params - Parsed signature parameters\n * @param now - Current Unix timestamp (defaults to current time)\n * @param skewSeconds - Allowed clock skew in seconds (defaults to 60)\n * @returns true if signature is from the future\n */\nexport function isCreatedInFuture(\n params: ParsedSignatureParams,\n now: number = Math.floor(Date.now() / 1000),\n skewSeconds: number = 60\n): boolean {\n return params.created > now + skewSeconds;\n}\n\n/**\n * Check if Ed25519 WebCrypto is supported in current runtime.\n *\n * @returns true if Ed25519 WebCrypto is available\n */\nexport async function isEd25519WebCryptoSupported(): Promise<boolean> {\n try {\n // Try to generate a key pair to test support\n const keyPair = await globalThis.crypto.subtle.generateKey('Ed25519', false, [\n 'sign',\n 'verify',\n ]);\n return keyPair !== null;\n } catch {\n return false;\n }\n}\n\n/**\n * Create a SignatureVerifier from a WebCrypto CryptoKey.\n *\n * This is a helper for consumers who have CryptoKey objects.\n * The function is runtime-neutral as it accepts unknown and casts internally.\n *\n * @param key - WebCrypto CryptoKey (passed as unknown for runtime neutrality)\n * @returns SignatureVerifier function\n */\nexport function createWebCryptoVerifier(key: unknown): SignatureVerifier {\n return async (data: Uint8Array, signature: Uint8Array): Promise<boolean> => {\n // Create proper ArrayBuffer views to satisfy TypeScript\n const sigBuffer = new Uint8Array(signature).buffer;\n const dataBuffer = new Uint8Array(data).buffer;\n\n // Use type from the actual WebCrypto API to avoid DOM type dependency\n type VerifyKey = Parameters<typeof globalThis.crypto.subtle.verify>[1];\n\n return globalThis.crypto.subtle.verify('Ed25519', key as VerifyKey, sigBuffer, dataBuffer);\n };\n}\n\n/**\n * Get header value by name (case-insensitive).\n */\nfunction getHeader(headers: Record<string, string>, name: string): string {\n const lowerName = name.toLowerCase();\n for (const [key, value] of Object.entries(headers)) {\n if (key.toLowerCase() === lowerName) {\n return value;\n }\n }\n return '';\n}\n"]}
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/errors.ts","../src/parser.ts","../src/base.ts","../src/verify.ts"],"names":[],"mappings":";AAIO,IAAM,UAAA,GAAa;AAAA;AAAA,EAExB,yBAAA,EAA2B,6BAAA;AAAA;AAAA,EAE3B,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,uBAAA,EAAyB,2BAAA;AAAA;AAAA,EAEzB,+BAAA,EAAiC,mCAAA;AAAA;AAAA,EAEjC,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,gBAAA,EAAkB,oBAAA;AAAA;AAAA,EAElB,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,qBAAA,EAAuB,yBAAA;AAAA;AAAA,EAEvB,aAAA,EAAe;AACjB;AAOO,IAAM,eAAA,GAA6C;AAAA,EACxD,CAAC,UAAA,CAAW,yBAAyB,GAAG,GAAA;AAAA,EACxC,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,uBAAuB,GAAG,GAAA;AAAA,EACtC,CAAC,UAAA,CAAW,+BAA+B,GAAG,GAAA;AAAA,EAC9C,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,gBAAgB,GAAG,GAAA;AAAA,EAC/B,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,qBAAqB,GAAG,GAAA;AAAA,EACpC,CAAC,UAAA,CAAW,aAAa,GAAG;AAC9B;AAKO,IAAM,kBAAA,GAAN,cAAiC,KAAA,CAAM;AAAA,EACnC,IAAA;AAAA,EACA,UAAA;AAAA,EAET,WAAA,CAAY,MAAiB,OAAA,EAAiB;AAC5C,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,gBAAgB,IAAI,CAAA;AAAA,EACxC;AACF;;;ACrCO,SAAS,oBAAoB,WAAA,EAAyD;AAC3F,EAAA,MAAM,OAAA,uBAAc,GAAA,EAAmC;AAGvD,EAAA,MAAM,OAAA,GAAU,uBAAuB,WAAW,CAAA;AAElD,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,MAAA,GAAS,qBAAA,CAAsB,MAAA,CAAO,IAAA,EAAM,CAAA;AAClD,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,KAAA,EAAO,MAAA,CAAO,MAAM,CAAA;AAAA,IACzC;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAUO,SAAS,qBACd,WAAA,EACoD;AACpD,EAAA,MAAM,OAAA,uBAAc,GAAA,EAAmD;AAEvE,EAAA,MAAM,OAAA,GAAU,uBAAuB,WAAW,CAAA;AAElD,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,CAAC,KAAA,EAAO,KAAK,IAAI,aAAA,CAAc,MAAA,CAAO,MAAM,CAAA;AAClD,IAAA,IAAI,CAAC,KAAA,IAAS,CAAC,KAAA,EAAO;AAGtB,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,yBAAyB,CAAA;AACnD,IAAA,IAAI,CAAC,KAAA,EAAO;AAEZ,IAAA,MAAM,MAAA,GAAS,MAAM,CAAC,CAAA;AACtB,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,cAAc,MAAM,CAAA;AAClC,MAAA,OAAA,CAAQ,GAAA,CAAI,KAAA,EAAO,EAAE,KAAA,EAAO,QAAQ,CAAA;AAAA,IACtC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAUO,SAAS,cAAA,CACd,cAAA,EACA,SAAA,EACA,KAAA,EACiB;AACjB,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,iBAAA,EAAmB,0BAA0B,CAAA;AAAA,EACvF;AAEA,EAAA,MAAM,QAAA,GAAW,oBAAoB,cAAc,CAAA;AACnD,EAAA,MAAM,MAAA,GAAS,qBAAqB,SAAS,CAAA;AAE7C,EAAA,IAAI,QAAA,CAAS,SAAS,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAGA,EAAA,MAAM,cAAc,KAAA,IAAS,QAAA,CAAS,IAAA,EAAK,CAAE,MAAK,CAAE,KAAA;AACpD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,yBAAA,EAA2B,0BAA0B,CAAA;AAAA,EAC/F;AAEA,EAAA,MAAM,MAAA,GAAS,QAAA,CAAS,GAAA,CAAI,WAAW,CAAA;AACvC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX,oBAAoB,WAAW,CAAA,8BAAA;AAAA,KACjC;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,GAAA,CAAI,WAAW,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,iBAAA;AAAA,MACX,oBAAoB,WAAW,CAAA,+BAAA;AAAA,KACjC;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,OAAO,GAAA,EAAK;AACf,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,CAAO,OAAA,KAAY,MAAA,IAAa,MAAA,CAAO,YAAY,IAAA,EAAM;AAC3D,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,WAAA;AAAA,IACP,MAAA;AAAA,IACA,gBAAgB,OAAA,CAAQ,KAAA;AAAA,IACxB,iBAAiB,OAAA,CAAQ;AAAA,GAC3B;AACF;AAOA,SAAS,uBAAuB,KAAA,EAAyB;AACvD,EAAA,MAAM,UAAoB,EAAC;AAC3B,EAAA,IAAI,OAAA,GAAU,EAAA;AACd,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,IAAI,QAAA,GAAW,KAAA;AACf,EAAA,IAAI,SAAA,GAAY,KAAA;AAEhB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AAEpB,IAAA,IAAI,IAAA,KAAS,GAAA,IAAO,CAAC,SAAA,EAAW;AAC9B,MAAA,QAAA,GAAW,CAAC,QAAA;AACZ,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,CAAA,MAAA,IAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,EAAU;AACpC,MAAA,SAAA,GAAY,CAAC,SAAA;AACb,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,WAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AAClD,MAAA,KAAA,EAAA;AACA,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,WAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AAClD,MAAA,KAAA,EAAA;AACA,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,CAAA,MAAA,IAAW,SAAS,GAAA,IAAO,KAAA,KAAU,KAAK,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AACjE,MAAA,IAAI,OAAA,CAAQ,MAAK,EAAG;AAClB,QAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,CAAA;AAAA,MAC7B;AACA,MAAA,OAAA,GAAU,EAAA;AAAA,IACZ,CAAA,MAAO;AACL,MAAA,OAAA,IAAW,IAAA;AAAA,IACb;AAAA,EACF;AAEA,EAAA,IAAI,OAAA,CAAQ,MAAK,EAAG;AAClB,IAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,CAAA;AAAA,EAC7B;AAEA,EAAA,OAAO,OAAA;AACT;AAKA,SAAS,cAAc,MAAA,EAAkC;AACvD,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,YAAY,EAAA,EAAI;AAClB,IAAA,OAAO,CAAC,QAAQ,EAAE,CAAA;AAAA,EACpB;AACA,EAAA,OAAO,CAAC,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,OAAO,GAAG,MAAA,CAAO,KAAA,CAAM,OAAA,GAAU,CAAC,CAAC,CAAA;AAC7D;AAKA,SAAS,sBACP,MAAA,EACyD;AACzD,EAAA,MAAM,CAAC,KAAA,EAAO,IAAI,CAAA,GAAI,cAAc,MAAM,CAAA;AAC1C,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,IAAA,EAAM,OAAO,IAAA;AAI5B,EAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,KAAA,CAAM,mBAAmB,CAAA;AACrD,EAAA,IAAI,CAAC,gBAAgB,OAAO,IAAA;AAE5B,EAAA,MAAM,gBAAA,GAAmB,eAAe,CAAC,CAAA;AACzC,EAAA,MAAM,YAAA,GAAe,eAAe,CAAC,CAAA;AAGrC,EAAA,MAAM,iBAAA,GAAoB,eAAe,gBAAgB,CAAA;AAGzD,EAAA,MAAM,SAAA,GAAY,gBAAgB,YAAY,CAAA;AAE9C,EAAA,MAAM,MAAA,GAAgC;AAAA,IACpC,KAAA,EAAO,MAAA,CAAO,SAAA,CAAU,KAAA,IAAS,EAAE,CAAA;AAAA,IACnC,GAAA,EAAK,MAAA,CAAO,SAAA,CAAU,GAAA,IAAO,EAAE,CAAA;AAAA,IAC/B,SAAS,SAAA,CAAU,OAAA,KAAY,SAAY,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA,GAAI,CAAA;AAAA,IACvE;AAAA,GACF;AAEA,EAAA,IAAI,SAAA,CAAU,YAAY,MAAA,EAAW;AACnC,IAAA,MAAA,CAAO,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA;AAAA,EAC3C;AAEA,EAAA,IAAI,SAAA,CAAU,UAAU,MAAA,EAAW;AACjC,IAAA,MAAA,CAAO,KAAA,GAAQ,MAAA,CAAO,SAAA,CAAU,KAAK,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,SAAA,CAAU,QAAQ,MAAA,EAAW;AAC/B,IAAA,MAAA,CAAO,GAAA,GAAM,MAAA,CAAO,SAAA,CAAU,GAAG,CAAA;AAAA,EACnC;AAEA,EAAA,OAAO,EAAE,OAAO,MAAA,EAAO;AACzB;AAKA,SAAS,eAAe,OAAA,EAA2B;AACjD,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,MAAM,KAAA,GAAQ,YAAA;AACd,EAAA,IAAI,KAAA;AACJ,EAAA,OAAA,CAAQ,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,OAAO,OAAO,IAAA,EAAM;AAC7C,IAAA,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACrB;AACA,EAAA,OAAO,KAAA;AACT;AAKA,SAAS,gBAAgB,YAAA,EAAuD;AAC9E,EAAA,MAAM,SAA0C,EAAC;AAGjD,EAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,KAAA,CAAM,GAAG,CAAA,CAAE,OAAO,CAAC,CAAA,KAAM,CAAA,CAAE,IAAA,EAAM,CAAA;AAE5D,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,CAAC,GAAA,EAAK,KAAK,IAAI,aAAA,CAAc,IAAA,CAAK,MAAM,CAAA;AAC9C,IAAA,IAAI,CAAC,GAAA,EAAK;AAGV,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,IAAA;AAAA,IAChB,CAAA,MAAA,IAAW,MAAM,UAAA,CAAW,GAAG,KAAK,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAEvD,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA,CAAM,KAAA,CAAM,GAAG,EAAE,CAAA;AAAA,IACjC,CAAA,MAAA,IAAW,SAAA,CAAU,IAAA,CAAK,KAAK,CAAA,EAAG;AAEhC,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,QAAA,CAAS,KAAA,EAAO,EAAE,CAAA;AAAA,IAClC,CAAA,MAAO;AAEL,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA;AAAA,IAChB;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAKA,SAAS,cAAc,MAAA,EAA4B;AAEjD,EAAA,MAAM,UAAA,GAAa,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAG9D,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,MAAA,CAAO,UAAA,CAAW,MAAA,GAAA,CAAW,IAAK,UAAA,CAAW,MAAA,GAAS,CAAA,IAAM,CAAA,EAAI,GAAG,CAAA;AAE7F,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA;AACT;;;AC3SO,SAAS,kBAAA,CACd,SACA,MAAA,EACQ;AACR,EAAA,MAAM,QAAkB,EAAC;AAGzB,EAAA,KAAA,MAAW,SAAA,IAAa,OAAO,iBAAA,EAAmB;AAChD,IAAA,MAAM,KAAA,GAAQ,iBAAA,CAAkB,OAAA,EAAS,SAAS,CAAA;AAClD,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,CAAA,EAAI,SAAS,CAAA,GAAA,EAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EACvC;AAGA,EAAA,MAAM,UAAA,GAAa,yBAAyB,MAAM,CAAA;AAClD,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,qBAAA,EAAwB,UAAU,CAAA,CAAE,CAAA;AAE/C,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAKA,SAAS,iBAAA,CAAkB,SAA2B,SAAA,EAA2B;AAE/E,EAAA,IAAI,SAAA,CAAU,UAAA,CAAW,GAAG,CAAA,EAAG;AAC7B,IAAA,OAAO,wBAAA,CAAyB,SAAS,SAAS,CAAA;AAAA,EACpD;AAGA,EAAA,OAAO,cAAA,CAAe,OAAA,CAAQ,OAAA,EAAS,SAAS,CAAA;AAClD;AAKA,SAAS,wBAAA,CAAyB,SAA2B,SAAA,EAA2B;AACtF,EAAA,QAAQ,SAAA;AAAW,IACjB,KAAK,SAAA;AACH,MAAA,OAAO,OAAA,CAAQ,OAAO,WAAA,EAAY;AAAA,IAEpC,KAAK,aAAA;AACH,MAAA,OAAO,OAAA,CAAQ,GAAA;AAAA,IAEjB,KAAK,YAAA,EAAc;AACjB,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,IAAA;AAAA,MACb,CAAA,CAAA,MAAQ;AAEN,QAAA,OAAO,cAAA,CAAe,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAA;AAAA,MAC/C;AAAA,IACF;AAAA,IAEA,KAAK,SAAA,EAAW;AACd,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAAA,MACrC,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,OAAA;AAAA,MACT;AAAA,IACF;AAAA,IAEA,KAAK,iBAAA,EAAmB;AACtB,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,WAAW,GAAA,CAAI,MAAA;AAAA,MAC5B,CAAA,CAAA,MAAQ;AAEN,QAAA,OAAO,OAAA,CAAQ,GAAA;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,KAAK,OAAA,EAAS;AACZ,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,QAAA;AAAA,MACb,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,QAAQ,CAAA;AAC5C,QAAA,OAAO,SAAA,GAAY,SAAA,CAAU,CAAC,CAAA,GAAI,OAAA,CAAQ,GAAA;AAAA,MAC5C;AAAA,IACF;AAAA,IAEA,KAAK,QAAA,EAAU;AACb,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,IAAI,MAAA,IAAU,GAAA;AAAA,MACvB,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,MAAM,CAAA;AAC3C,QAAA,OAAO,UAAA,GAAa,UAAA,CAAW,CAAC,CAAA,GAAI,GAAA;AAAA,MACtC;AAAA,IACF;AAAA,IAEA;AAEE,MAAA,OAAO,EAAA;AAAA;AAEb;AAKA,SAAS,cAAA,CAAe,SAAiC,IAAA,EAAsB;AAC7E,EAAA,MAAM,SAAA,GAAY,KAAK,WAAA,EAAY;AAEnC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,SAAA,EAAW;AACnC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,EAAA;AACT;AAOA,SAAS,yBAAyB,MAAA,EAAuC;AAEvE,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,iBAAA,CAAkB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA,CAAG,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA;AACzE,EAAA,IAAI,IAAA,GAAO,IAAI,UAAU,CAAA,CAAA,CAAA;AAGzB,EAAA,IAAA,IAAQ,CAAA,SAAA,EAAY,OAAO,OAAO,CAAA,CAAA;AAElC,EAAA,IAAI,MAAA,CAAO,YAAY,MAAA,EAAW;AAChC,IAAA,IAAA,IAAQ,CAAA,SAAA,EAAY,OAAO,OAAO,CAAA,CAAA;AAAA,EACpC;AAEA,EAAA,IAAI,MAAA,CAAO,UAAU,MAAA,EAAW;AAC9B,IAAA,IAAA,IAAQ,CAAA,QAAA,EAAW,OAAO,KAAK,CAAA,CAAA,CAAA;AAAA,EACjC;AAEA,EAAA,IAAA,IAAQ,CAAA,QAAA,EAAW,OAAO,KAAK,CAAA,CAAA,CAAA;AAC/B,EAAA,IAAA,IAAQ,CAAA,MAAA,EAAS,OAAO,GAAG,CAAA,CAAA,CAAA;AAE3B,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IAAA,IAAQ,CAAA,MAAA,EAAS,OAAO,GAAG,CAAA,CAAA,CAAA;AAAA,EAC7B;AAEA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,qBAAqB,aAAA,EAAmC;AACtE,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,OAAO,OAAA,CAAQ,OAAO,aAAa,CAAA;AACrC;;;AC5IA,eAAsB,eAAA,CACpB,SACA,OAAA,EAC6B;AAC7B,EAAA,MAAM,EAAE,WAAA,EAAa,GAAA,GAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAAG,gBAAA,GAAmB,EAAA,EAAG,GAAI,OAAA;AAEpF,EAAA,IAAI;AAEF,IAAA,MAAM,cAAA,GAAiB,SAAA,CAAU,OAAA,CAAQ,OAAA,EAAS,iBAAiB,CAAA;AACnE,IAAA,MAAM,SAAA,GAAY,SAAA,CAAU,OAAA,CAAQ,OAAA,EAAS,WAAW,CAAA;AAGxD,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,cAAA,EAAgB,SAAA,EAAW,QAAQ,KAAK,CAAA;AAGtE,IAAA,IAAI,MAAA,CAAO,MAAA,CAAO,GAAA,KAAQ,SAAA,EAAW;AACnC,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,UAAA,CAAW,+BAAA;AAAA,QACX,CAAA,uBAAA,EAA0B,MAAA,CAAO,MAAA,CAAO,GAAG,CAAA,4BAAA;AAAA,OAC7C;AAAA,IACF;AAGA,IAAA,uBAAA,CAAwB,MAAA,CAAO,MAAA,EAAQ,GAAA,EAAK,gBAAgB,CAAA;AAG5D,IAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,MAAA,CAAO,OAAO,KAAK,CAAA;AACtD,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,UAAA,CAAW,aAAA;AAAA,QACX,CAAA,eAAA,EAAkB,MAAA,CAAO,MAAA,CAAO,KAAK,CAAA;AAAA,OACvC;AAAA,IACF;AAGA,IAAA,MAAM,aAAA,GAAgB,kBAAA,CAAmB,OAAA,EAAS,MAAA,CAAO,MAAM,CAAA;AAC/D,IAAA,MAAM,kBAAA,GAAqB,qBAAqB,aAAa,CAAA;AAG7D,IAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,kBAAA,EAAoB,OAAO,cAAc,CAAA;AAEtE,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,iBAAA,EAAmB,+BAA+B,CAAA;AAAA,IAC5F;AAEA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,IAAA;AAAA,MACP,SAAA,EAAW;AAAA,KACb;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,IAAI,iBAAiB,kBAAA,EAAoB;AACvC,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,WAAW,KAAA,CAAM,IAAA;AAAA,QACjB,cAAc,KAAA,CAAM;AAAA,OACtB;AAAA,IACF;AACA,IAAA,MAAM,KAAA;AAAA,EACR;AACF;AAKA,SAAS,uBAAA,CACP,MAAA,EACA,GAAA,EACA,gBAAA,EACM;AAEN,EAAA,IAAI,iBAAA,CAAkB,MAAA,EAAQ,GAAA,EAAK,gBAAgB,CAAA,EAAG;AACpD,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,gBAAA;AAAA,MACX,CAAA,6BAAA,EAAgC,MAAA,CAAO,OAAO,CAAA,GAAA,EAAM,MAAM,gBAAgB,CAAA;AAAA,KAC5E;AAAA,EACF;AAGA,EAAA,IAAI,SAAA,CAAU,MAAA,EAAQ,GAAG,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,iBAAA;AAAA,MACX,CAAA,mBAAA,EAAsB,MAAA,CAAO,OAAO,CAAA,GAAA,EAAM,GAAG,CAAA;AAAA,KAC/C;AAAA,EACF;AACF;AASO,SAAS,SAAA,CACd,QACA,GAAA,GAAc,IAAA,CAAK,MAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EACjC;AACT,EAAA,IAAI,MAAA,CAAO,YAAY,MAAA,EAAW;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,MAAM,MAAA,CAAO,OAAA;AACtB;AAUO,SAAS,iBAAA,CACd,MAAA,EACA,GAAA,GAAc,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAC1C,WAAA,GAAsB,EAAA,EACb;AACT,EAAA,OAAO,MAAA,CAAO,UAAU,GAAA,GAAM,WAAA;AAChC;AAOA,eAAsB,2BAAA,GAAgD;AACpE,EAAA,IAAI;AAEF,IAAA,MAAM,UAAU,MAAM,UAAA,CAAW,OAAO,MAAA,CAAO,WAAA,CAAY,WAAW,KAAA,EAAO;AAAA,MAC3E,MAAA;AAAA,MACA;AAAA,KACD,CAAA;AACD,IAAA,OAAO,OAAA,KAAY,IAAA;AAAA,EACrB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAWO,SAAS,wBAAwB,GAAA,EAAiC;AACvE,EAAA,OAAO,OAAO,MAAkB,SAAA,KAA4C;AAE1E,IAAA,MAAM,SAAA,GAAY,IAAI,UAAA,CAAW,SAAS,CAAA,CAAE,MAAA;AAC5C,IAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,IAAI,CAAA,CAAE,MAAA;AAKxC,IAAA,OAAO,WAAW,MAAA,CAAO,MAAA,CAAO,OAAO,SAAA,EAAW,GAAA,EAAkB,WAAW,UAAU,CAAA;AAAA,EAC3F,CAAA;AACF;AAKA,SAAS,SAAA,CAAU,SAAiC,IAAA,EAAsB;AACxE,EAAA,MAAM,SAAA,GAAY,KAAK,WAAA,EAAY;AACnC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,SAAA,EAAW;AACnC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,EAAA;AACT","file":"index.js","sourcesContent":["/**\n * HTTP Signature error codes per execution pack specification.\n */\n\nexport const ErrorCodes = {\n /** Signature-Input header parse failed */\n SIGNATURE_INPUT_MALFORMED: 'E_SIGNATURE_INPUT_MALFORMED',\n /** No Signature header present */\n SIGNATURE_MISSING: 'E_SIGNATURE_MISSING',\n /** Required param (created/keyid/alg) missing */\n SIGNATURE_PARAM_MISSING: 'E_SIGNATURE_PARAM_MISSING',\n /** Algorithm not ed25519 */\n SIGNATURE_ALGORITHM_UNSUPPORTED: 'E_SIGNATURE_ALGORITHM_UNSUPPORTED',\n /** Signature expired (now > expires) */\n SIGNATURE_EXPIRED: 'E_SIGNATURE_EXPIRED',\n /** Signature from future (created > now + skew) */\n SIGNATURE_FUTURE: 'E_SIGNATURE_FUTURE',\n /** Cryptographic verification failed */\n SIGNATURE_INVALID: 'E_SIGNATURE_INVALID',\n /** Ed25519 WebCrypto not supported */\n WEBCRYPTO_UNAVAILABLE: 'E_WEBCRYPTO_UNAVAILABLE',\n /** Key not found by resolver */\n KEY_NOT_FOUND: 'E_KEY_NOT_FOUND',\n} as const;\n\nexport type ErrorCode = (typeof ErrorCodes)[keyof typeof ErrorCodes];\n\n/**\n * HTTP status codes for each error.\n */\nexport const ErrorHttpStatus: Record<ErrorCode, number> = {\n [ErrorCodes.SIGNATURE_INPUT_MALFORMED]: 400,\n [ErrorCodes.SIGNATURE_MISSING]: 401,\n [ErrorCodes.SIGNATURE_PARAM_MISSING]: 400,\n [ErrorCodes.SIGNATURE_ALGORITHM_UNSUPPORTED]: 400,\n [ErrorCodes.SIGNATURE_EXPIRED]: 401,\n [ErrorCodes.SIGNATURE_FUTURE]: 401,\n [ErrorCodes.SIGNATURE_INVALID]: 401,\n [ErrorCodes.WEBCRYPTO_UNAVAILABLE]: 500,\n [ErrorCodes.KEY_NOT_FOUND]: 401,\n};\n\n/**\n * HTTP Signature error with code and HTTP status.\n */\nexport class HttpSignatureError extends Error {\n readonly code: ErrorCode;\n readonly httpStatus: number;\n\n constructor(code: ErrorCode, message: string) {\n super(message);\n this.name = 'HttpSignatureError';\n this.code = code;\n this.httpStatus = ErrorHttpStatus[code];\n }\n}\n","/**\n * Parser for RFC 9421 Signature-Input and Signature headers.\n *\n * Implements minimal RFC 8941 Structured Fields parsing for\n * Dictionary and Inner List types as needed by HTTP Signatures.\n */\n\nimport { ParsedSignatureParams, ParsedSignature } from './types.js';\nimport { ErrorCodes, HttpSignatureError } from './errors.js';\n\n/**\n * Parse Signature-Input header value into structured parameters.\n *\n * Format: label=(\"component1\" \"component2\");param1=value1;param2=value2\n *\n * @param headerValue - Raw Signature-Input header value\n * @returns Map of label to parsed parameters\n */\nexport function parseSignatureInput(headerValue: string): Map<string, ParsedSignatureParams> {\n const results = new Map<string, ParsedSignatureParams>();\n\n // Split by comma for multiple signatures (outer dictionary members)\n const members = splitDictionaryMembers(headerValue);\n\n for (const member of members) {\n const parsed = parseDictionaryMember(member.trim());\n if (parsed) {\n results.set(parsed.label, parsed.params);\n }\n }\n\n return results;\n}\n\n/**\n * Parse Signature header value into raw signature bytes.\n *\n * Format: label=:base64signature:\n *\n * @param headerValue - Raw Signature header value\n * @returns Map of label to signature bytes\n */\nexport function parseSignatureHeader(\n headerValue: string\n): Map<string, { bytes: Uint8Array; base64: string }> {\n const results = new Map<string, { bytes: Uint8Array; base64: string }>();\n\n const members = splitDictionaryMembers(headerValue);\n\n for (const member of members) {\n const [label, value] = splitKeyValue(member.trim());\n if (!label || !value) continue;\n\n // Extract base64 from :...: byte sequence format\n const match = value.match(/^:([A-Za-z0-9+/=_-]+):$/);\n if (!match) continue;\n\n const base64 = match[1];\n try {\n const bytes = base64ToBytes(base64);\n results.set(label, { bytes, base64 });\n } catch {\n // Skip invalid base64\n }\n }\n\n return results;\n}\n\n/**\n * Parse complete signature from both headers.\n *\n * @param signatureInput - Signature-Input header value\n * @param signature - Signature header value\n * @param label - Optional specific label to parse (defaults to first)\n * @returns Parsed signature or throws HttpSignatureError\n */\nexport function parseSignature(\n signatureInput: string,\n signature: string,\n label?: string\n): ParsedSignature {\n if (!signatureInput) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n 'Missing Signature-Input header'\n );\n }\n\n if (!signature) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_MISSING, 'Missing Signature header');\n }\n\n const inputMap = parseSignatureInput(signatureInput);\n const sigMap = parseSignatureHeader(signature);\n\n if (inputMap.size === 0) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n 'Failed to parse Signature-Input header'\n );\n }\n\n // Use specified label or first available\n const targetLabel = label ?? inputMap.keys().next().value;\n if (!targetLabel) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_INPUT_MALFORMED, 'No signature label found');\n }\n\n const params = inputMap.get(targetLabel);\n if (!params) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n `Signature label \"${targetLabel}\" not found in Signature-Input`\n );\n }\n\n const sigData = sigMap.get(targetLabel);\n if (!sigData) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_MISSING,\n `Signature label \"${targetLabel}\" not found in Signature header`\n );\n }\n\n // Validate required parameters\n if (!params.keyid) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: keyid'\n );\n }\n\n if (!params.alg) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: alg'\n );\n }\n\n if (params.created === undefined || params.created === null) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: created'\n );\n }\n\n return {\n label: targetLabel,\n params,\n signatureBytes: sigData.bytes,\n signatureBase64: sigData.base64,\n };\n}\n\n// --- Internal parsing helpers ---\n\n/**\n * Split dictionary members by comma, respecting inner lists and strings.\n */\nfunction splitDictionaryMembers(value: string): string[] {\n const members: string[] = [];\n let current = '';\n let depth = 0;\n let inString = false;\n let inByteSeq = false;\n\n for (let i = 0; i < value.length; i++) {\n const char = value[i];\n\n if (char === '\"' && !inByteSeq) {\n inString = !inString;\n current += char;\n } else if (char === ':' && !inString) {\n inByteSeq = !inByteSeq;\n current += char;\n } else if (char === '(' && !inString && !inByteSeq) {\n depth++;\n current += char;\n } else if (char === ')' && !inString && !inByteSeq) {\n depth--;\n current += char;\n } else if (char === ',' && depth === 0 && !inString && !inByteSeq) {\n if (current.trim()) {\n members.push(current.trim());\n }\n current = '';\n } else {\n current += char;\n }\n }\n\n if (current.trim()) {\n members.push(current.trim());\n }\n\n return members;\n}\n\n/**\n * Split a dictionary member into key=value pair.\n */\nfunction splitKeyValue(member: string): [string, string] {\n const eqIndex = member.indexOf('=');\n if (eqIndex === -1) {\n return [member, ''];\n }\n return [member.slice(0, eqIndex), member.slice(eqIndex + 1)];\n}\n\n/**\n * Parse a single dictionary member (label=inner-list;params).\n */\nfunction parseDictionaryMember(\n member: string\n): { label: string; params: ParsedSignatureParams } | null {\n const [label, rest] = splitKeyValue(member);\n if (!label || !rest) return null;\n\n // Parse inner list and parameters\n // Format: (\"component1\" \"component2\");param1=value1;param2=value2\n const innerListMatch = rest.match(/^\\(([^)]*)\\)(.*)$/);\n if (!innerListMatch) return null;\n\n const innerListContent = innerListMatch[1];\n const paramsString = innerListMatch[2];\n\n // Parse covered components from inner list\n const coveredComponents = parseInnerList(innerListContent);\n\n // Parse parameters\n const rawParams = parseParameters(paramsString);\n\n const params: ParsedSignatureParams = {\n keyid: String(rawParams.keyid ?? ''),\n alg: String(rawParams.alg ?? ''),\n created: rawParams.created !== undefined ? Number(rawParams.created) : 0,\n coveredComponents,\n };\n\n if (rawParams.expires !== undefined) {\n params.expires = Number(rawParams.expires);\n }\n\n if (rawParams.nonce !== undefined) {\n params.nonce = String(rawParams.nonce);\n }\n\n if (rawParams.tag !== undefined) {\n params.tag = String(rawParams.tag);\n }\n\n return { label, params };\n}\n\n/**\n * Parse inner list content (space-separated quoted strings).\n */\nfunction parseInnerList(content: string): string[] {\n const items: string[] = [];\n const regex = /\"([^\"]*)\"/g;\n let match;\n while ((match = regex.exec(content)) !== null) {\n items.push(match[1]);\n }\n return items;\n}\n\n/**\n * Parse parameters from ;key=value;key2=value2 format.\n */\nfunction parseParameters(paramsString: string): Record<string, string | number> {\n const params: Record<string, string | number> = {};\n\n // Split by semicolon\n const parts = paramsString.split(';').filter((p) => p.trim());\n\n for (const part of parts) {\n const [key, value] = splitKeyValue(part.trim());\n if (!key) continue;\n\n // Parse value - could be integer, string, or token\n if (!value) {\n params[key] = true as unknown as string;\n } else if (value.startsWith('\"') && value.endsWith('\"')) {\n // Quoted string\n params[key] = value.slice(1, -1);\n } else if (/^-?\\d+$/.test(value)) {\n // Integer\n params[key] = parseInt(value, 10);\n } else {\n // Token or other\n params[key] = value;\n }\n }\n\n return params;\n}\n\n/**\n * Decode base64 (standard or URL-safe) to bytes.\n */\nfunction base64ToBytes(base64: string): Uint8Array {\n // Handle URL-safe base64\n const normalized = base64.replace(/-/g, '+').replace(/_/g, '/');\n\n // Add padding if needed\n const padded = normalized.padEnd(normalized.length + ((4 - (normalized.length % 4)) % 4), '=');\n\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n","/**\n * Signature base construction per RFC 9421 Section 2.5.\n *\n * The signature base is a canonical string constructed from\n * covered components and signature parameters.\n */\n\nimport { ParsedSignatureParams, SignatureRequest } from './types.js';\n\n/**\n * Build signature base string for verification.\n *\n * @param request - Request data\n * @param params - Parsed signature parameters\n * @returns Signature base string\n */\nexport function buildSignatureBase(\n request: SignatureRequest,\n params: ParsedSignatureParams\n): string {\n const lines: string[] = [];\n\n // Add each covered component\n for (const component of params.coveredComponents) {\n const value = getComponentValue(request, component);\n lines.push(`\"${component}\": ${value}`);\n }\n\n // Add signature params line\n const paramsLine = buildSignatureParamsLine(params);\n lines.push(`\"@signature-params\": ${paramsLine}`);\n\n return lines.join('\\n');\n}\n\n/**\n * Get the canonical value for a component identifier.\n */\nfunction getComponentValue(request: SignatureRequest, component: string): string {\n // Derived components start with @\n if (component.startsWith('@')) {\n return getDerivedComponentValue(request, component);\n }\n\n // Otherwise it's a header field\n return getHeaderValue(request.headers, component);\n}\n\n/**\n * Get derived component value.\n */\nfunction getDerivedComponentValue(request: SignatureRequest, component: string): string {\n switch (component) {\n case '@method':\n return request.method.toUpperCase();\n\n case '@target-uri':\n return request.url;\n\n case '@authority': {\n try {\n const url = new URL(request.url);\n return url.host;\n } catch {\n // If URL parsing fails, try to extract from headers\n return getHeaderValue(request.headers, 'host');\n }\n }\n\n case '@scheme': {\n try {\n const url = new URL(request.url);\n return url.protocol.replace(':', '');\n } catch {\n return 'https';\n }\n }\n\n case '@request-target': {\n try {\n const url = new URL(request.url);\n return url.pathname + url.search;\n } catch {\n // If not a full URL, assume it's already a path\n return request.url;\n }\n }\n\n case '@path': {\n try {\n const url = new URL(request.url);\n return url.pathname;\n } catch {\n const pathMatch = request.url.match(/^[^?]*/);\n return pathMatch ? pathMatch[0] : request.url;\n }\n }\n\n case '@query': {\n try {\n const url = new URL(request.url);\n return url.search || '?';\n } catch {\n const queryMatch = request.url.match(/\\?.*/);\n return queryMatch ? queryMatch[0] : '?';\n }\n }\n\n default:\n // Unknown derived component - return empty\n return '';\n }\n}\n\n/**\n * Get header value by name (case-insensitive).\n */\nfunction getHeaderValue(headers: Record<string, string>, name: string): string {\n const lowerName = name.toLowerCase();\n\n for (const [key, value] of Object.entries(headers)) {\n if (key.toLowerCase() === lowerName) {\n return value;\n }\n }\n\n return '';\n}\n\n/**\n * Build the signature-params line value.\n *\n * Format: (\"component1\" \"component2\");created=123;keyid=\"key\";alg=\"ed25519\"\n */\nfunction buildSignatureParamsLine(params: ParsedSignatureParams): string {\n // Build inner list of components\n const components = params.coveredComponents.map((c) => `\"${c}\"`).join(' ');\n let line = `(${components})`;\n\n // Add required parameters in canonical order\n line += `;created=${params.created}`;\n\n if (params.expires !== undefined) {\n line += `;expires=${params.expires}`;\n }\n\n if (params.nonce !== undefined) {\n line += `;nonce=\"${params.nonce}\"`;\n }\n\n line += `;keyid=\"${params.keyid}\"`;\n line += `;alg=\"${params.alg}\"`;\n\n if (params.tag !== undefined) {\n line += `;tag=\"${params.tag}\"`;\n }\n\n return line;\n}\n\n/**\n * Convert signature base string to bytes for cryptographic verification.\n */\nexport function signatureBaseToBytes(signatureBase: string): Uint8Array {\n const encoder = new TextEncoder();\n return encoder.encode(signatureBase);\n}\n","/**\n * HTTP Message Signature verification.\n *\n * Runtime-neutral verification using SignatureVerifier function type.\n * WebCrypto is used internally but NOT exposed in public API.\n */\n\nimport {\n SignatureVerifier,\n KeyResolver,\n SignatureRequest,\n VerifyOptions,\n VerificationResult,\n ParsedSignatureParams,\n} from './types.js';\nimport { parseSignature } from './parser.js';\nimport { buildSignatureBase, signatureBaseToBytes } from './base.js';\nimport { ErrorCodes, HttpSignatureError } from './errors.js';\n\n/**\n * Verify an HTTP Message Signature.\n *\n * @param request - Request data with headers\n * @param options - Verification options including key resolver\n * @returns Verification result\n */\nexport async function verifySignature(\n request: SignatureRequest,\n options: VerifyOptions\n): Promise<VerificationResult> {\n const { keyResolver, now = Math.floor(Date.now() / 1000), clockSkewSeconds = 60 } = options;\n\n try {\n // Get signature headers\n const signatureInput = getHeader(request.headers, 'signature-input');\n const signature = getHeader(request.headers, 'signature');\n\n // Parse signature\n const parsed = parseSignature(signatureInput, signature, options.label);\n\n // Validate algorithm\n if (parsed.params.alg !== 'ed25519') {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_ALGORITHM_UNSUPPORTED,\n `Unsupported algorithm: ${parsed.params.alg} (only ed25519 is supported)`\n );\n }\n\n // Validate time constraints\n validateTimeConstraints(parsed.params, now, clockSkewSeconds);\n\n // Resolve key\n const verifier = await keyResolver(parsed.params.keyid);\n if (!verifier) {\n throw new HttpSignatureError(\n ErrorCodes.KEY_NOT_FOUND,\n `Key not found: ${parsed.params.keyid}`\n );\n }\n\n // Build signature base\n const signatureBase = buildSignatureBase(request, parsed.params);\n const signatureBaseBytes = signatureBaseToBytes(signatureBase);\n\n // Verify signature\n const valid = await verifier(signatureBaseBytes, parsed.signatureBytes);\n\n if (!valid) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_INVALID, 'Signature verification failed');\n }\n\n return {\n valid: true,\n signature: parsed,\n };\n } catch (error) {\n if (error instanceof HttpSignatureError) {\n return {\n valid: false,\n errorCode: error.code,\n errorMessage: error.message,\n };\n }\n throw error;\n }\n}\n\n/**\n * Validate time constraints on signature parameters.\n */\nfunction validateTimeConstraints(\n params: ParsedSignatureParams,\n now: number,\n clockSkewSeconds: number\n): void {\n // Check if signature is from the future (with skew tolerance)\n if (isCreatedInFuture(params, now, clockSkewSeconds)) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_FUTURE,\n `Signature created in future: ${params.created} > ${now + clockSkewSeconds}`\n );\n }\n\n // Check if signature is expired\n if (isExpired(params, now)) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_EXPIRED,\n `Signature expired: ${params.expires} < ${now}`\n );\n }\n}\n\n/**\n * Check if signature is expired.\n *\n * @param params - Parsed signature parameters\n * @param now - Current Unix timestamp (defaults to current time)\n * @returns true if signature is expired\n */\nexport function isExpired(\n params: ParsedSignatureParams,\n now: number = Math.floor(Date.now() / 1000)\n): boolean {\n if (params.expires === undefined) {\n return false;\n }\n return now > params.expires;\n}\n\n/**\n * Check if signature was created in the future (accounting for clock skew).\n *\n * @param params - Parsed signature parameters\n * @param now - Current Unix timestamp (defaults to current time)\n * @param skewSeconds - Allowed clock skew in seconds (defaults to 60)\n * @returns true if signature is from the future\n */\nexport function isCreatedInFuture(\n params: ParsedSignatureParams,\n now: number = Math.floor(Date.now() / 1000),\n skewSeconds: number = 60\n): boolean {\n return params.created > now + skewSeconds;\n}\n\n/**\n * Check if Ed25519 WebCrypto is supported in current runtime.\n *\n * @returns true if Ed25519 WebCrypto is available\n */\nexport async function isEd25519WebCryptoSupported(): Promise<boolean> {\n try {\n // Try to generate a key pair to test support\n const keyPair = await globalThis.crypto.subtle.generateKey('Ed25519', false, [\n 'sign',\n 'verify',\n ]);\n return keyPair !== null;\n } catch {\n return false;\n }\n}\n\n/**\n * Create a SignatureVerifier from a WebCrypto CryptoKey.\n *\n * This is a helper for consumers who have CryptoKey objects.\n * The function is runtime-neutral as it accepts unknown and casts internally.\n *\n * @param key - WebCrypto CryptoKey (passed as unknown for runtime neutrality)\n * @returns SignatureVerifier function\n */\nexport function createWebCryptoVerifier(key: unknown): SignatureVerifier {\n return async (data: Uint8Array, signature: Uint8Array): Promise<boolean> => {\n // Create proper ArrayBuffer views to satisfy TypeScript\n const sigBuffer = new Uint8Array(signature).buffer;\n const dataBuffer = new Uint8Array(data).buffer;\n\n // Use type from the actual WebCrypto API to avoid DOM type dependency\n type VerifyKey = Parameters<typeof globalThis.crypto.subtle.verify>[1];\n\n return globalThis.crypto.subtle.verify('Ed25519', key as VerifyKey, sigBuffer, dataBuffer);\n };\n}\n\n/**\n * Get header value by name (case-insensitive).\n */\nfunction getHeader(headers: Record<string, string>, name: string): string {\n const lowerName = name.toLowerCase();\n for (const [key, value] of Object.entries(headers)) {\n if (key.toLowerCase() === lowerName) {\n return value;\n }\n }\n return '';\n}\n"]}
1
+ {"version":3,"sources":["../src/errors.ts","../src/parser.ts","../src/base.ts","../src/verify.ts"],"names":[],"mappings":";AAIO,IAAM,UAAA,GAAa;AAAA;AAAA,EAExB,yBAAA,EAA2B,6BAAA;AAAA;AAAA,EAE3B,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,uBAAA,EAAyB,2BAAA;AAAA;AAAA,EAEzB,+BAAA,EAAiC,mCAAA;AAAA;AAAA,EAEjC,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,gBAAA,EAAkB,oBAAA;AAAA;AAAA,EAElB,iBAAA,EAAmB,qBAAA;AAAA;AAAA,EAEnB,qBAAA,EAAuB,yBAAA;AAAA;AAAA,EAEvB,aAAA,EAAe;AACjB;AAOO,IAAM,eAAA,GAA6C;AAAA,EACxD,CAAC,UAAA,CAAW,yBAAyB,GAAG,GAAA;AAAA,EACxC,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,uBAAuB,GAAG,GAAA;AAAA,EACtC,CAAC,UAAA,CAAW,+BAA+B,GAAG,GAAA;AAAA,EAC9C,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,gBAAgB,GAAG,GAAA;AAAA,EAC/B,CAAC,UAAA,CAAW,iBAAiB,GAAG,GAAA;AAAA,EAChC,CAAC,UAAA,CAAW,qBAAqB,GAAG,GAAA;AAAA,EACpC,CAAC,UAAA,CAAW,aAAa,GAAG;AAC9B;AAKO,IAAM,kBAAA,GAAN,cAAiC,KAAA,CAAM;AAAA,EACnC,IAAA;AAAA,EACA,UAAA;AAAA,EAET,WAAA,CAAY,MAAiB,OAAA,EAAiB;AAC5C,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,gBAAgB,IAAI,CAAA;AAAA,EACxC;AACF;;;ACrCO,SAAS,oBAAoB,WAAA,EAAyD;AAC3F,EAAA,MAAM,OAAA,uBAAc,GAAA,EAAmC;AAGvD,EAAA,MAAM,OAAA,GAAU,uBAAuB,WAAW,CAAA;AAElD,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,MAAA,GAAS,qBAAA,CAAsB,MAAA,CAAO,IAAA,EAAM,CAAA;AAClD,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,KAAA,EAAO,MAAA,CAAO,MAAM,CAAA;AAAA,IACzC;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAUO,SAAS,qBACd,WAAA,EACoD;AACpD,EAAA,MAAM,OAAA,uBAAc,GAAA,EAAmD;AAEvE,EAAA,MAAM,OAAA,GAAU,uBAAuB,WAAW,CAAA;AAElD,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,CAAC,KAAA,EAAO,KAAK,IAAI,aAAA,CAAc,MAAA,CAAO,MAAM,CAAA;AAClD,IAAA,IAAI,CAAC,KAAA,IAAS,CAAC,KAAA,EAAO;AAGtB,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,yBAAyB,CAAA;AACnD,IAAA,IAAI,CAAC,KAAA,EAAO;AAEZ,IAAA,MAAM,MAAA,GAAS,MAAM,CAAC,CAAA;AACtB,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,cAAc,MAAM,CAAA;AAClC,MAAA,OAAA,CAAQ,GAAA,CAAI,KAAA,EAAO,EAAE,KAAA,EAAO,QAAQ,CAAA;AAAA,IACtC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAUO,SAAS,cAAA,CACd,cAAA,EACA,SAAA,EACA,KAAA,EACiB;AACjB,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,iBAAA,EAAmB,0BAA0B,CAAA;AAAA,EACvF;AAEA,EAAA,MAAM,QAAA,GAAW,oBAAoB,cAAc,CAAA;AACnD,EAAA,MAAM,MAAA,GAAS,qBAAqB,SAAS,CAAA;AAE7C,EAAA,IAAI,QAAA,CAAS,SAAS,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAGA,EAAA,MAAM,cAAc,KAAA,IAAS,QAAA,CAAS,IAAA,EAAK,CAAE,MAAK,CAAE,KAAA;AACpD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,yBAAA,EAA2B,0BAA0B,CAAA;AAAA,EAC/F;AAEA,EAAA,MAAM,MAAA,GAAS,QAAA,CAAS,GAAA,CAAI,WAAW,CAAA;AACvC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,yBAAA;AAAA,MACX,oBAAoB,WAAW,CAAA,8BAAA;AAAA,KACjC;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,GAAA,CAAI,WAAW,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,iBAAA;AAAA,MACX,oBAAoB,WAAW,CAAA,+BAAA;AAAA,KACjC;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,OAAO,GAAA,EAAK;AACf,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,CAAO,OAAA,KAAY,MAAA,IAAa,MAAA,CAAO,YAAY,IAAA,EAAM;AAC3D,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,uBAAA;AAAA,MACX;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,WAAA;AAAA,IACP,MAAA;AAAA,IACA,gBAAgB,OAAA,CAAQ,KAAA;AAAA,IACxB,iBAAiB,OAAA,CAAQ;AAAA,GAC3B;AACF;AAOA,SAAS,uBAAuB,KAAA,EAAyB;AACvD,EAAA,MAAM,UAAoB,EAAC;AAC3B,EAAA,IAAI,OAAA,GAAU,EAAA;AACd,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,IAAI,QAAA,GAAW,KAAA;AACf,EAAA,IAAI,SAAA,GAAY,KAAA;AAEhB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AAEpB,IAAA,IAAI,IAAA,KAAS,GAAA,IAAO,CAAC,SAAA,EAAW;AAC9B,MAAA,QAAA,GAAW,CAAC,QAAA;AACZ,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,CAAA,MAAA,IAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,EAAU;AACpC,MAAA,SAAA,GAAY,CAAC,SAAA;AACb,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,WAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AAClD,MAAA,KAAA,EAAA;AACA,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,WAAW,IAAA,KAAS,GAAA,IAAO,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AAClD,MAAA,KAAA,EAAA;AACA,MAAA,OAAA,IAAW,IAAA;AAAA,IACb,CAAA,MAAA,IAAW,SAAS,GAAA,IAAO,KAAA,KAAU,KAAK,CAAC,QAAA,IAAY,CAAC,SAAA,EAAW;AACjE,MAAA,IAAI,OAAA,CAAQ,MAAK,EAAG;AAClB,QAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,CAAA;AAAA,MAC7B;AACA,MAAA,OAAA,GAAU,EAAA;AAAA,IACZ,CAAA,MAAO;AACL,MAAA,OAAA,IAAW,IAAA;AAAA,IACb;AAAA,EACF;AAEA,EAAA,IAAI,OAAA,CAAQ,MAAK,EAAG;AAClB,IAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,CAAA;AAAA,EAC7B;AAEA,EAAA,OAAO,OAAA;AACT;AAKA,SAAS,cAAc,MAAA,EAAkC;AACvD,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,YAAY,EAAA,EAAI;AAClB,IAAA,OAAO,CAAC,QAAQ,EAAE,CAAA;AAAA,EACpB;AACA,EAAA,OAAO,CAAC,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,OAAO,GAAG,MAAA,CAAO,KAAA,CAAM,OAAA,GAAU,CAAC,CAAC,CAAA;AAC7D;AAKA,SAAS,sBACP,MAAA,EACyD;AACzD,EAAA,MAAM,CAAC,KAAA,EAAO,IAAI,CAAA,GAAI,cAAc,MAAM,CAAA;AAC1C,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,IAAA,EAAM,OAAO,IAAA;AAI5B,EAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,KAAA,CAAM,mBAAmB,CAAA;AACrD,EAAA,IAAI,CAAC,gBAAgB,OAAO,IAAA;AAE5B,EAAA,MAAM,gBAAA,GAAmB,eAAe,CAAC,CAAA;AACzC,EAAA,MAAM,YAAA,GAAe,eAAe,CAAC,CAAA;AAGrC,EAAA,MAAM,iBAAA,GAAoB,eAAe,gBAAgB,CAAA;AAGzD,EAAA,MAAM,SAAA,GAAY,gBAAgB,YAAY,CAAA;AAE9C,EAAA,MAAM,MAAA,GAAgC;AAAA,IACpC,KAAA,EAAO,MAAA,CAAO,SAAA,CAAU,KAAA,IAAS,EAAE,CAAA;AAAA,IACnC,GAAA,EAAK,MAAA,CAAO,SAAA,CAAU,GAAA,IAAO,EAAE,CAAA;AAAA,IAC/B,SAAS,SAAA,CAAU,OAAA,KAAY,SAAY,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA,GAAI,CAAA;AAAA,IACvE;AAAA,GACF;AAEA,EAAA,IAAI,SAAA,CAAU,YAAY,MAAA,EAAW;AACnC,IAAA,MAAA,CAAO,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA;AAAA,EAC3C;AAEA,EAAA,IAAI,SAAA,CAAU,UAAU,MAAA,EAAW;AACjC,IAAA,MAAA,CAAO,KAAA,GAAQ,MAAA,CAAO,SAAA,CAAU,KAAK,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,SAAA,CAAU,QAAQ,MAAA,EAAW;AAC/B,IAAA,MAAA,CAAO,GAAA,GAAM,MAAA,CAAO,SAAA,CAAU,GAAG,CAAA;AAAA,EACnC;AAEA,EAAA,OAAO,EAAE,OAAO,MAAA,EAAO;AACzB;AAKA,SAAS,eAAe,OAAA,EAA2B;AACjD,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,MAAM,KAAA,GAAQ,YAAA;AACd,EAAA,IAAI,KAAA;AACJ,EAAA,OAAA,CAAQ,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,OAAO,OAAO,IAAA,EAAM;AAC7C,IAAA,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACrB;AACA,EAAA,OAAO,KAAA;AACT;AAKA,SAAS,gBAAgB,YAAA,EAAuD;AAC9E,EAAA,MAAM,SAA0C,EAAC;AAGjD,EAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,KAAA,CAAM,GAAG,CAAA,CAAE,OAAO,CAAC,CAAA,KAAM,CAAA,CAAE,IAAA,EAAM,CAAA;AAE5D,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,CAAC,GAAA,EAAK,KAAK,IAAI,aAAA,CAAc,IAAA,CAAK,MAAM,CAAA;AAC9C,IAAA,IAAI,CAAC,GAAA,EAAK;AAGV,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,IAAA;AAAA,IAChB,CAAA,MAAA,IAAW,MAAM,UAAA,CAAW,GAAG,KAAK,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAEvD,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA,CAAM,KAAA,CAAM,GAAG,EAAE,CAAA;AAAA,IACjC,CAAA,MAAA,IAAW,SAAA,CAAU,IAAA,CAAK,KAAK,CAAA,EAAG;AAEhC,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,QAAA,CAAS,KAAA,EAAO,EAAE,CAAA;AAAA,IAClC,CAAA,MAAO;AAEL,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA;AAAA,IAChB;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAKA,SAAS,cAAc,MAAA,EAA4B;AAEjD,EAAA,MAAM,UAAA,GAAa,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAG9D,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,MAAA,CAAO,UAAA,CAAW,MAAA,GAAA,CAAW,IAAK,UAAA,CAAW,MAAA,GAAS,CAAA,IAAM,CAAA,EAAI,GAAG,CAAA;AAE7F,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA;AACT;;;AC3SO,SAAS,kBAAA,CACd,SACA,MAAA,EACQ;AACR,EAAA,MAAM,QAAkB,EAAC;AAGzB,EAAA,KAAA,MAAW,SAAA,IAAa,OAAO,iBAAA,EAAmB;AAChD,IAAA,MAAM,KAAA,GAAQ,iBAAA,CAAkB,OAAA,EAAS,SAAS,CAAA;AAClD,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,CAAA,EAAI,SAAS,CAAA,GAAA,EAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EACvC;AAGA,EAAA,MAAM,UAAA,GAAa,yBAAyB,MAAM,CAAA;AAClD,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,qBAAA,EAAwB,UAAU,CAAA,CAAE,CAAA;AAE/C,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAKA,SAAS,iBAAA,CAAkB,SAA2B,SAAA,EAA2B;AAE/E,EAAA,IAAI,SAAA,CAAU,UAAA,CAAW,GAAG,CAAA,EAAG;AAC7B,IAAA,OAAO,wBAAA,CAAyB,SAAS,SAAS,CAAA;AAAA,EACpD;AAGA,EAAA,OAAO,cAAA,CAAe,OAAA,CAAQ,OAAA,EAAS,SAAS,CAAA;AAClD;AAKA,SAAS,wBAAA,CAAyB,SAA2B,SAAA,EAA2B;AACtF,EAAA,QAAQ,SAAA;AAAW,IACjB,KAAK,SAAA;AACH,MAAA,OAAO,OAAA,CAAQ,OAAO,WAAA,EAAY;AAAA,IAEpC,KAAK,aAAA;AACH,MAAA,OAAO,OAAA,CAAQ,GAAA;AAAA,IAEjB,KAAK,YAAA,EAAc;AACjB,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,IAAA;AAAA,MACb,CAAA,CAAA,MAAQ;AAEN,QAAA,OAAO,cAAA,CAAe,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAA;AAAA,MAC/C;AAAA,IACF;AAAA,IAEA,KAAK,SAAA,EAAW;AACd,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAAA,MACrC,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,OAAA;AAAA,MACT;AAAA,IACF;AAAA,IAEA,KAAK,iBAAA,EAAmB;AACtB,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,WAAW,GAAA,CAAI,MAAA;AAAA,MAC5B,CAAA,CAAA,MAAQ;AAEN,QAAA,OAAO,OAAA,CAAQ,GAAA;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,KAAK,OAAA,EAAS;AACZ,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,GAAA,CAAI,QAAA;AAAA,MACb,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,QAAQ,CAAA;AAC5C,QAAA,OAAO,SAAA,GAAY,SAAA,CAAU,CAAC,CAAA,GAAI,OAAA,CAAQ,GAAA;AAAA,MAC5C;AAAA,IACF;AAAA,IAEA,KAAK,QAAA,EAAU;AACb,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,QAAA,OAAO,IAAI,MAAA,IAAU,GAAA;AAAA,MACvB,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,MAAM,CAAA;AAC3C,QAAA,OAAO,UAAA,GAAa,UAAA,CAAW,CAAC,CAAA,GAAI,GAAA;AAAA,MACtC;AAAA,IACF;AAAA,IAEA;AAEE,MAAA,OAAO,EAAA;AAAA;AAEb;AAKA,SAAS,cAAA,CAAe,SAAiC,IAAA,EAAsB;AAC7E,EAAA,MAAM,SAAA,GAAY,KAAK,WAAA,EAAY;AAEnC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,SAAA,EAAW;AACnC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,EAAA;AACT;AAOA,SAAS,yBAAyB,MAAA,EAAuC;AAEvE,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,iBAAA,CAAkB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA,CAAG,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA;AACzE,EAAA,IAAI,IAAA,GAAO,IAAI,UAAU,CAAA,CAAA,CAAA;AAGzB,EAAA,IAAA,IAAQ,CAAA,SAAA,EAAY,OAAO,OAAO,CAAA,CAAA;AAElC,EAAA,IAAI,MAAA,CAAO,YAAY,MAAA,EAAW;AAChC,IAAA,IAAA,IAAQ,CAAA,SAAA,EAAY,OAAO,OAAO,CAAA,CAAA;AAAA,EACpC;AAEA,EAAA,IAAI,MAAA,CAAO,UAAU,MAAA,EAAW;AAC9B,IAAA,IAAA,IAAQ,CAAA,QAAA,EAAW,OAAO,KAAK,CAAA,CAAA,CAAA;AAAA,EACjC;AAEA,EAAA,IAAA,IAAQ,CAAA,QAAA,EAAW,OAAO,KAAK,CAAA,CAAA,CAAA;AAC/B,EAAA,IAAA,IAAQ,CAAA,MAAA,EAAS,OAAO,GAAG,CAAA,CAAA,CAAA;AAE3B,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IAAA,IAAQ,CAAA,MAAA,EAAS,OAAO,GAAG,CAAA,CAAA,CAAA;AAAA,EAC7B;AAEA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,qBAAqB,aAAA,EAAmC;AACtE,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,OAAO,OAAA,CAAQ,OAAO,aAAa,CAAA;AACrC;;;AC5IA,eAAsB,eAAA,CACpB,SACA,OAAA,EAC6B;AAC7B,EAAA,MAAM,EAAE,WAAA,EAAa,GAAA,GAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAAG,gBAAA,GAAmB,EAAA,EAAG,GAAI,OAAA;AAEpF,EAAA,IAAI;AAEF,IAAA,MAAM,cAAA,GAAiB,SAAA,CAAU,OAAA,CAAQ,OAAA,EAAS,iBAAiB,CAAA;AACnE,IAAA,MAAM,SAAA,GAAY,SAAA,CAAU,OAAA,CAAQ,OAAA,EAAS,WAAW,CAAA;AAGxD,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,cAAA,EAAgB,SAAA,EAAW,QAAQ,KAAK,CAAA;AAGtE,IAAA,IAAI,MAAA,CAAO,MAAA,CAAO,GAAA,KAAQ,SAAA,EAAW;AACnC,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,UAAA,CAAW,+BAAA;AAAA,QACX,CAAA,uBAAA,EAA0B,MAAA,CAAO,MAAA,CAAO,GAAG,CAAA,4BAAA;AAAA,OAC7C;AAAA,IACF;AAGA,IAAA,uBAAA,CAAwB,MAAA,CAAO,MAAA,EAAQ,GAAA,EAAK,gBAAgB,CAAA;AAG5D,IAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,MAAA,CAAO,OAAO,KAAK,CAAA;AACtD,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,UAAA,CAAW,aAAA;AAAA,QACX,CAAA,eAAA,EAAkB,MAAA,CAAO,MAAA,CAAO,KAAK,CAAA;AAAA,OACvC;AAAA,IACF;AAGA,IAAA,MAAM,aAAA,GAAgB,kBAAA,CAAmB,OAAA,EAAS,MAAA,CAAO,MAAM,CAAA;AAC/D,IAAA,MAAM,kBAAA,GAAqB,qBAAqB,aAAa,CAAA;AAG7D,IAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,kBAAA,EAAoB,OAAO,cAAc,CAAA;AAEtE,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,kBAAA,CAAmB,UAAA,CAAW,iBAAA,EAAmB,+BAA+B,CAAA;AAAA,IAC5F;AAEA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,IAAA;AAAA,MACP,SAAA,EAAW;AAAA,KACb;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,IAAI,iBAAiB,kBAAA,EAAoB;AACvC,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,WAAW,KAAA,CAAM,IAAA;AAAA,QACjB,cAAc,KAAA,CAAM;AAAA,OACtB;AAAA,IACF;AACA,IAAA,MAAM,KAAA;AAAA,EACR;AACF;AAKA,SAAS,uBAAA,CACP,MAAA,EACA,GAAA,EACA,gBAAA,EACM;AAEN,EAAA,IAAI,iBAAA,CAAkB,MAAA,EAAQ,GAAA,EAAK,gBAAgB,CAAA,EAAG;AACpD,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,gBAAA;AAAA,MACX,CAAA,6BAAA,EAAgC,MAAA,CAAO,OAAO,CAAA,GAAA,EAAM,MAAM,gBAAgB,CAAA;AAAA,KAC5E;AAAA,EACF;AAGA,EAAA,IAAI,SAAA,CAAU,MAAA,EAAQ,GAAG,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,UAAA,CAAW,iBAAA;AAAA,MACX,CAAA,mBAAA,EAAsB,MAAA,CAAO,OAAO,CAAA,GAAA,EAAM,GAAG,CAAA;AAAA,KAC/C;AAAA,EACF;AACF;AASO,SAAS,SAAA,CACd,QACA,GAAA,GAAc,IAAA,CAAK,MAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EACjC;AACT,EAAA,IAAI,MAAA,CAAO,YAAY,MAAA,EAAW;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,MAAM,MAAA,CAAO,OAAA;AACtB;AAUO,SAAS,iBAAA,CACd,MAAA,EACA,GAAA,GAAc,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAC1C,WAAA,GAAsB,EAAA,EACb;AACT,EAAA,OAAO,MAAA,CAAO,UAAU,GAAA,GAAM,WAAA;AAChC;AAOA,eAAsB,2BAAA,GAAgD;AACpE,EAAA,IAAI;AAEF,IAAA,MAAM,UAAU,MAAM,UAAA,CAAW,OAAO,MAAA,CAAO,WAAA,CAAY,WAAW,KAAA,EAAO;AAAA,MAC3E,MAAA;AAAA,MACA;AAAA,KACD,CAAA;AACD,IAAA,OAAO,OAAA,KAAY,IAAA;AAAA,EACrB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAWO,SAAS,wBAAwB,GAAA,EAAiC;AACvE,EAAA,OAAO,OAAO,MAAkB,SAAA,KAA4C;AAE1E,IAAA,MAAM,SAAA,GAAY,IAAI,UAAA,CAAW,SAAS,CAAA,CAAE,MAAA;AAC5C,IAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,IAAI,CAAA,CAAE,MAAA;AAKxC,IAAA,OAAO,WAAW,MAAA,CAAO,MAAA,CAAO,OAAO,SAAA,EAAW,GAAA,EAAkB,WAAW,UAAU,CAAA;AAAA,EAC3F,CAAA;AACF;AAKA,SAAS,SAAA,CAAU,SAAiC,IAAA,EAAsB;AACxE,EAAA,MAAM,SAAA,GAAY,KAAK,WAAA,EAAY;AACnC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,SAAA,EAAW;AACnC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,EAAA;AACT","file":"index.js","sourcesContent":["/**\n * HTTP Signature error codes per execution pack specification.\n */\n\nexport const ErrorCodes = {\n /** Signature-Input header parse failed */\n SIGNATURE_INPUT_MALFORMED: 'E_SIGNATURE_INPUT_MALFORMED',\n /** No Signature header present */\n SIGNATURE_MISSING: 'E_SIGNATURE_MISSING',\n /** Required param (created/keyid/alg) missing */\n SIGNATURE_PARAM_MISSING: 'E_SIGNATURE_PARAM_MISSING',\n /** Algorithm not ed25519 */\n SIGNATURE_ALGORITHM_UNSUPPORTED: 'E_SIGNATURE_ALGORITHM_UNSUPPORTED',\n /** Signature expired (now > expires) */\n SIGNATURE_EXPIRED: 'E_SIGNATURE_EXPIRED',\n /** Signature from future (created > now + skew) */\n SIGNATURE_FUTURE: 'E_SIGNATURE_FUTURE',\n /** Cryptographic verification failed */\n SIGNATURE_INVALID: 'E_SIGNATURE_INVALID',\n /** Ed25519 WebCrypto not supported */\n WEBCRYPTO_UNAVAILABLE: 'E_WEBCRYPTO_UNAVAILABLE',\n /** Key not found by resolver */\n KEY_NOT_FOUND: 'E_KEY_NOT_FOUND',\n} as const;\n\nexport type ErrorCode = (typeof ErrorCodes)[keyof typeof ErrorCodes];\n\n/**\n * HTTP status codes for each error.\n */\nexport const ErrorHttpStatus: Record<ErrorCode, number> = {\n [ErrorCodes.SIGNATURE_INPUT_MALFORMED]: 400,\n [ErrorCodes.SIGNATURE_MISSING]: 401,\n [ErrorCodes.SIGNATURE_PARAM_MISSING]: 400,\n [ErrorCodes.SIGNATURE_ALGORITHM_UNSUPPORTED]: 400,\n [ErrorCodes.SIGNATURE_EXPIRED]: 401,\n [ErrorCodes.SIGNATURE_FUTURE]: 401,\n [ErrorCodes.SIGNATURE_INVALID]: 401,\n [ErrorCodes.WEBCRYPTO_UNAVAILABLE]: 500,\n [ErrorCodes.KEY_NOT_FOUND]: 401,\n};\n\n/**\n * HTTP Signature error with code and HTTP status.\n */\nexport class HttpSignatureError extends Error {\n readonly code: ErrorCode;\n readonly httpStatus: number;\n\n constructor(code: ErrorCode, message: string) {\n super(message);\n this.name = 'HttpSignatureError';\n this.code = code;\n this.httpStatus = ErrorHttpStatus[code];\n }\n}\n","/**\n * Parser for RFC 9421 Signature-Input and Signature headers.\n *\n * Implements minimal RFC 9651 Structured Fields parsing for\n * Dictionary and Inner List types as needed by HTTP Signatures.\n */\n\nimport { ParsedSignatureParams, ParsedSignature } from './types.js';\nimport { ErrorCodes, HttpSignatureError } from './errors.js';\n\n/**\n * Parse Signature-Input header value into structured parameters.\n *\n * Format: label=(\"component1\" \"component2\");param1=value1;param2=value2\n *\n * @param headerValue - Raw Signature-Input header value\n * @returns Map of label to parsed parameters\n */\nexport function parseSignatureInput(headerValue: string): Map<string, ParsedSignatureParams> {\n const results = new Map<string, ParsedSignatureParams>();\n\n // Split by comma for multiple signatures (outer dictionary members)\n const members = splitDictionaryMembers(headerValue);\n\n for (const member of members) {\n const parsed = parseDictionaryMember(member.trim());\n if (parsed) {\n results.set(parsed.label, parsed.params);\n }\n }\n\n return results;\n}\n\n/**\n * Parse Signature header value into raw signature bytes.\n *\n * Format: label=:base64signature:\n *\n * @param headerValue - Raw Signature header value\n * @returns Map of label to signature bytes\n */\nexport function parseSignatureHeader(\n headerValue: string\n): Map<string, { bytes: Uint8Array; base64: string }> {\n const results = new Map<string, { bytes: Uint8Array; base64: string }>();\n\n const members = splitDictionaryMembers(headerValue);\n\n for (const member of members) {\n const [label, value] = splitKeyValue(member.trim());\n if (!label || !value) continue;\n\n // Extract base64 from :...: byte sequence format\n const match = value.match(/^:([A-Za-z0-9+/=_-]+):$/);\n if (!match) continue;\n\n const base64 = match[1];\n try {\n const bytes = base64ToBytes(base64);\n results.set(label, { bytes, base64 });\n } catch {\n // Skip invalid base64\n }\n }\n\n return results;\n}\n\n/**\n * Parse complete signature from both headers.\n *\n * @param signatureInput - Signature-Input header value\n * @param signature - Signature header value\n * @param label - Optional specific label to parse (defaults to first)\n * @returns Parsed signature or throws HttpSignatureError\n */\nexport function parseSignature(\n signatureInput: string,\n signature: string,\n label?: string\n): ParsedSignature {\n if (!signatureInput) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n 'Missing Signature-Input header'\n );\n }\n\n if (!signature) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_MISSING, 'Missing Signature header');\n }\n\n const inputMap = parseSignatureInput(signatureInput);\n const sigMap = parseSignatureHeader(signature);\n\n if (inputMap.size === 0) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n 'Failed to parse Signature-Input header'\n );\n }\n\n // Use specified label or first available\n const targetLabel = label ?? inputMap.keys().next().value;\n if (!targetLabel) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_INPUT_MALFORMED, 'No signature label found');\n }\n\n const params = inputMap.get(targetLabel);\n if (!params) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_INPUT_MALFORMED,\n `Signature label \"${targetLabel}\" not found in Signature-Input`\n );\n }\n\n const sigData = sigMap.get(targetLabel);\n if (!sigData) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_MISSING,\n `Signature label \"${targetLabel}\" not found in Signature header`\n );\n }\n\n // Validate required parameters\n if (!params.keyid) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: keyid'\n );\n }\n\n if (!params.alg) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: alg'\n );\n }\n\n if (params.created === undefined || params.created === null) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_PARAM_MISSING,\n 'Missing required parameter: created'\n );\n }\n\n return {\n label: targetLabel,\n params,\n signatureBytes: sigData.bytes,\n signatureBase64: sigData.base64,\n };\n}\n\n// --- Internal parsing helpers ---\n\n/**\n * Split dictionary members by comma, respecting inner lists and strings.\n */\nfunction splitDictionaryMembers(value: string): string[] {\n const members: string[] = [];\n let current = '';\n let depth = 0;\n let inString = false;\n let inByteSeq = false;\n\n for (let i = 0; i < value.length; i++) {\n const char = value[i];\n\n if (char === '\"' && !inByteSeq) {\n inString = !inString;\n current += char;\n } else if (char === ':' && !inString) {\n inByteSeq = !inByteSeq;\n current += char;\n } else if (char === '(' && !inString && !inByteSeq) {\n depth++;\n current += char;\n } else if (char === ')' && !inString && !inByteSeq) {\n depth--;\n current += char;\n } else if (char === ',' && depth === 0 && !inString && !inByteSeq) {\n if (current.trim()) {\n members.push(current.trim());\n }\n current = '';\n } else {\n current += char;\n }\n }\n\n if (current.trim()) {\n members.push(current.trim());\n }\n\n return members;\n}\n\n/**\n * Split a dictionary member into key=value pair.\n */\nfunction splitKeyValue(member: string): [string, string] {\n const eqIndex = member.indexOf('=');\n if (eqIndex === -1) {\n return [member, ''];\n }\n return [member.slice(0, eqIndex), member.slice(eqIndex + 1)];\n}\n\n/**\n * Parse a single dictionary member (label=inner-list;params).\n */\nfunction parseDictionaryMember(\n member: string\n): { label: string; params: ParsedSignatureParams } | null {\n const [label, rest] = splitKeyValue(member);\n if (!label || !rest) return null;\n\n // Parse inner list and parameters\n // Format: (\"component1\" \"component2\");param1=value1;param2=value2\n const innerListMatch = rest.match(/^\\(([^)]*)\\)(.*)$/);\n if (!innerListMatch) return null;\n\n const innerListContent = innerListMatch[1];\n const paramsString = innerListMatch[2];\n\n // Parse covered components from inner list\n const coveredComponents = parseInnerList(innerListContent);\n\n // Parse parameters\n const rawParams = parseParameters(paramsString);\n\n const params: ParsedSignatureParams = {\n keyid: String(rawParams.keyid ?? ''),\n alg: String(rawParams.alg ?? ''),\n created: rawParams.created !== undefined ? Number(rawParams.created) : 0,\n coveredComponents,\n };\n\n if (rawParams.expires !== undefined) {\n params.expires = Number(rawParams.expires);\n }\n\n if (rawParams.nonce !== undefined) {\n params.nonce = String(rawParams.nonce);\n }\n\n if (rawParams.tag !== undefined) {\n params.tag = String(rawParams.tag);\n }\n\n return { label, params };\n}\n\n/**\n * Parse inner list content (space-separated quoted strings).\n */\nfunction parseInnerList(content: string): string[] {\n const items: string[] = [];\n const regex = /\"([^\"]*)\"/g;\n let match;\n while ((match = regex.exec(content)) !== null) {\n items.push(match[1]);\n }\n return items;\n}\n\n/**\n * Parse parameters from ;key=value;key2=value2 format.\n */\nfunction parseParameters(paramsString: string): Record<string, string | number> {\n const params: Record<string, string | number> = {};\n\n // Split by semicolon\n const parts = paramsString.split(';').filter((p) => p.trim());\n\n for (const part of parts) {\n const [key, value] = splitKeyValue(part.trim());\n if (!key) continue;\n\n // Parse value - could be integer, string, or token\n if (!value) {\n params[key] = true as unknown as string;\n } else if (value.startsWith('\"') && value.endsWith('\"')) {\n // Quoted string\n params[key] = value.slice(1, -1);\n } else if (/^-?\\d+$/.test(value)) {\n // Integer\n params[key] = parseInt(value, 10);\n } else {\n // Token or other\n params[key] = value;\n }\n }\n\n return params;\n}\n\n/**\n * Decode base64 (standard or URL-safe) to bytes.\n */\nfunction base64ToBytes(base64: string): Uint8Array {\n // Handle URL-safe base64\n const normalized = base64.replace(/-/g, '+').replace(/_/g, '/');\n\n // Add padding if needed\n const padded = normalized.padEnd(normalized.length + ((4 - (normalized.length % 4)) % 4), '=');\n\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n","/**\n * Signature base construction per RFC 9421 Section 2.5.\n *\n * The signature base is a canonical string constructed from\n * covered components and signature parameters.\n */\n\nimport { ParsedSignatureParams, SignatureRequest } from './types.js';\n\n/**\n * Build signature base string for verification.\n *\n * @param request - Request data\n * @param params - Parsed signature parameters\n * @returns Signature base string\n */\nexport function buildSignatureBase(\n request: SignatureRequest,\n params: ParsedSignatureParams\n): string {\n const lines: string[] = [];\n\n // Add each covered component\n for (const component of params.coveredComponents) {\n const value = getComponentValue(request, component);\n lines.push(`\"${component}\": ${value}`);\n }\n\n // Add signature params line\n const paramsLine = buildSignatureParamsLine(params);\n lines.push(`\"@signature-params\": ${paramsLine}`);\n\n return lines.join('\\n');\n}\n\n/**\n * Get the canonical value for a component identifier.\n */\nfunction getComponentValue(request: SignatureRequest, component: string): string {\n // Derived components start with @\n if (component.startsWith('@')) {\n return getDerivedComponentValue(request, component);\n }\n\n // Otherwise it's a header field\n return getHeaderValue(request.headers, component);\n}\n\n/**\n * Get derived component value.\n */\nfunction getDerivedComponentValue(request: SignatureRequest, component: string): string {\n switch (component) {\n case '@method':\n return request.method.toUpperCase();\n\n case '@target-uri':\n return request.url;\n\n case '@authority': {\n try {\n const url = new URL(request.url);\n return url.host;\n } catch {\n // If URL parsing fails, try to extract from headers\n return getHeaderValue(request.headers, 'host');\n }\n }\n\n case '@scheme': {\n try {\n const url = new URL(request.url);\n return url.protocol.replace(':', '');\n } catch {\n return 'https';\n }\n }\n\n case '@request-target': {\n try {\n const url = new URL(request.url);\n return url.pathname + url.search;\n } catch {\n // If not a full URL, assume it's already a path\n return request.url;\n }\n }\n\n case '@path': {\n try {\n const url = new URL(request.url);\n return url.pathname;\n } catch {\n const pathMatch = request.url.match(/^[^?]*/);\n return pathMatch ? pathMatch[0] : request.url;\n }\n }\n\n case '@query': {\n try {\n const url = new URL(request.url);\n return url.search || '?';\n } catch {\n const queryMatch = request.url.match(/\\?.*/);\n return queryMatch ? queryMatch[0] : '?';\n }\n }\n\n default:\n // Unknown derived component - return empty\n return '';\n }\n}\n\n/**\n * Get header value by name (case-insensitive).\n */\nfunction getHeaderValue(headers: Record<string, string>, name: string): string {\n const lowerName = name.toLowerCase();\n\n for (const [key, value] of Object.entries(headers)) {\n if (key.toLowerCase() === lowerName) {\n return value;\n }\n }\n\n return '';\n}\n\n/**\n * Build the signature-params line value.\n *\n * Format: (\"component1\" \"component2\");created=123;keyid=\"key\";alg=\"ed25519\"\n */\nfunction buildSignatureParamsLine(params: ParsedSignatureParams): string {\n // Build inner list of components\n const components = params.coveredComponents.map((c) => `\"${c}\"`).join(' ');\n let line = `(${components})`;\n\n // Add required parameters in canonical order\n line += `;created=${params.created}`;\n\n if (params.expires !== undefined) {\n line += `;expires=${params.expires}`;\n }\n\n if (params.nonce !== undefined) {\n line += `;nonce=\"${params.nonce}\"`;\n }\n\n line += `;keyid=\"${params.keyid}\"`;\n line += `;alg=\"${params.alg}\"`;\n\n if (params.tag !== undefined) {\n line += `;tag=\"${params.tag}\"`;\n }\n\n return line;\n}\n\n/**\n * Convert signature base string to bytes for cryptographic verification.\n */\nexport function signatureBaseToBytes(signatureBase: string): Uint8Array {\n const encoder = new TextEncoder();\n return encoder.encode(signatureBase);\n}\n","/**\n * HTTP Message Signature verification.\n *\n * Runtime-neutral verification using SignatureVerifier function type.\n * WebCrypto is used internally but NOT exposed in public API.\n */\n\nimport {\n SignatureVerifier,\n KeyResolver,\n SignatureRequest,\n VerifyOptions,\n VerificationResult,\n ParsedSignatureParams,\n} from './types.js';\nimport { parseSignature } from './parser.js';\nimport { buildSignatureBase, signatureBaseToBytes } from './base.js';\nimport { ErrorCodes, HttpSignatureError } from './errors.js';\n\n/**\n * Verify an HTTP Message Signature.\n *\n * @param request - Request data with headers\n * @param options - Verification options including key resolver\n * @returns Verification result\n */\nexport async function verifySignature(\n request: SignatureRequest,\n options: VerifyOptions\n): Promise<VerificationResult> {\n const { keyResolver, now = Math.floor(Date.now() / 1000), clockSkewSeconds = 60 } = options;\n\n try {\n // Get signature headers\n const signatureInput = getHeader(request.headers, 'signature-input');\n const signature = getHeader(request.headers, 'signature');\n\n // Parse signature\n const parsed = parseSignature(signatureInput, signature, options.label);\n\n // Validate algorithm\n if (parsed.params.alg !== 'ed25519') {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_ALGORITHM_UNSUPPORTED,\n `Unsupported algorithm: ${parsed.params.alg} (only ed25519 is supported)`\n );\n }\n\n // Validate time constraints\n validateTimeConstraints(parsed.params, now, clockSkewSeconds);\n\n // Resolve key\n const verifier = await keyResolver(parsed.params.keyid);\n if (!verifier) {\n throw new HttpSignatureError(\n ErrorCodes.KEY_NOT_FOUND,\n `Key not found: ${parsed.params.keyid}`\n );\n }\n\n // Build signature base\n const signatureBase = buildSignatureBase(request, parsed.params);\n const signatureBaseBytes = signatureBaseToBytes(signatureBase);\n\n // Verify signature\n const valid = await verifier(signatureBaseBytes, parsed.signatureBytes);\n\n if (!valid) {\n throw new HttpSignatureError(ErrorCodes.SIGNATURE_INVALID, 'Signature verification failed');\n }\n\n return {\n valid: true,\n signature: parsed,\n };\n } catch (error) {\n if (error instanceof HttpSignatureError) {\n return {\n valid: false,\n errorCode: error.code,\n errorMessage: error.message,\n };\n }\n throw error;\n }\n}\n\n/**\n * Validate time constraints on signature parameters.\n */\nfunction validateTimeConstraints(\n params: ParsedSignatureParams,\n now: number,\n clockSkewSeconds: number\n): void {\n // Check if signature is from the future (with skew tolerance)\n if (isCreatedInFuture(params, now, clockSkewSeconds)) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_FUTURE,\n `Signature created in future: ${params.created} > ${now + clockSkewSeconds}`\n );\n }\n\n // Check if signature is expired\n if (isExpired(params, now)) {\n throw new HttpSignatureError(\n ErrorCodes.SIGNATURE_EXPIRED,\n `Signature expired: ${params.expires} < ${now}`\n );\n }\n}\n\n/**\n * Check if signature is expired.\n *\n * @param params - Parsed signature parameters\n * @param now - Current Unix timestamp (defaults to current time)\n * @returns true if signature is expired\n */\nexport function isExpired(\n params: ParsedSignatureParams,\n now: number = Math.floor(Date.now() / 1000)\n): boolean {\n if (params.expires === undefined) {\n return false;\n }\n return now > params.expires;\n}\n\n/**\n * Check if signature was created in the future (accounting for clock skew).\n *\n * @param params - Parsed signature parameters\n * @param now - Current Unix timestamp (defaults to current time)\n * @param skewSeconds - Allowed clock skew in seconds (defaults to 60)\n * @returns true if signature is from the future\n */\nexport function isCreatedInFuture(\n params: ParsedSignatureParams,\n now: number = Math.floor(Date.now() / 1000),\n skewSeconds: number = 60\n): boolean {\n return params.created > now + skewSeconds;\n}\n\n/**\n * Check if Ed25519 WebCrypto is supported in current runtime.\n *\n * @returns true if Ed25519 WebCrypto is available\n */\nexport async function isEd25519WebCryptoSupported(): Promise<boolean> {\n try {\n // Try to generate a key pair to test support\n const keyPair = await globalThis.crypto.subtle.generateKey('Ed25519', false, [\n 'sign',\n 'verify',\n ]);\n return keyPair !== null;\n } catch {\n return false;\n }\n}\n\n/**\n * Create a SignatureVerifier from a WebCrypto CryptoKey.\n *\n * This is a helper for consumers who have CryptoKey objects.\n * The function is runtime-neutral as it accepts unknown and casts internally.\n *\n * @param key - WebCrypto CryptoKey (passed as unknown for runtime neutrality)\n * @returns SignatureVerifier function\n */\nexport function createWebCryptoVerifier(key: unknown): SignatureVerifier {\n return async (data: Uint8Array, signature: Uint8Array): Promise<boolean> => {\n // Create proper ArrayBuffer views to satisfy TypeScript\n const sigBuffer = new Uint8Array(signature).buffer;\n const dataBuffer = new Uint8Array(data).buffer;\n\n // Use type from the actual WebCrypto API to avoid DOM type dependency\n type VerifyKey = Parameters<typeof globalThis.crypto.subtle.verify>[1];\n\n return globalThis.crypto.subtle.verify('Ed25519', key as VerifyKey, sigBuffer, dataBuffer);\n };\n}\n\n/**\n * Get header value by name (case-insensitive).\n */\nfunction getHeader(headers: Record<string, string>, name: string): string {\n const lowerName = name.toLowerCase();\n for (const [key, value] of Object.entries(headers)) {\n if (key.toLowerCase() === lowerName) {\n return value;\n }\n }\n return '';\n}\n"]}
package/dist/parser.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  /**
2
2
  * Parser for RFC 9421 Signature-Input and Signature headers.
3
3
  *
4
- * Implements minimal RFC 8941 Structured Fields parsing for
4
+ * Implements minimal RFC 9651 Structured Fields parsing for
5
5
  * Dictionary and Inner List types as needed by HTTP Signatures.
6
6
  */
7
7
  import { ParsedSignatureParams, ParsedSignature } from './types.js';
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@peac/http-signatures",
3
- "version": "0.10.13",
3
+ "version": "0.11.0",
4
4
  "description": "RFC 9421 HTTP Message Signatures parsing and verification",
5
5
  "type": "module",
6
6
  "main": "dist/index.cjs",