hbsig 0.0.1

package/cjs/signer-utils.js

@@ -0,0 +1,617 @@
+"use strict";
+
+function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, _typeof(o); }
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.decodeSigInput = decodeSigInput;
+exports.extractPublicKeyFromHeaders = extractPublicKeyFromHeaders;
+exports.send = send;
+exports.toHttpSigner = void 0;
+exports.verify = verify;
+var _base64url = _interopRequireDefault(require("base64url"));
+var _crypto = _interopRequireDefault(require("crypto"));
+var _index = require("./http-message-signatures/index.js");
+var _structuredHeaders = require("structured-headers");
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { "default": e }; }
+function _regenerator() { /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/babel/babel/blob/main/packages/babel-helpers/LICENSE */ var e, t, r = "function" == typeof Symbol ? Symbol : {}, n = r.iterator || "@@iterator", o = r.toStringTag || "@@toStringTag"; function i(r, n, o, i) { var c = n && n.prototype instanceof Generator ? n : Generator, u = Object.create(c.prototype); return _regeneratorDefine2(u, "_invoke", function (r, n, o) { var i, c, u, f = 0, p = o || [], y = !1, G = { p: 0, n: 0, v: e, a: d, f: d.bind(e, 4), d: function d(t, r) { return i = t, c = 0, u = e, G.n = r, a; } }; function d(r, n) { for (c = r, u = n, t = 0; !y && f && !o && t < p.length; t++) { var o, i = p[t], d = G.p, l = i[2]; r > 3 ? (o = l === n) && (u = i[(c = i[4]) ? 5 : (c = 3, 3)], i[4] = i[5] = e) : i[0] <= d && ((o = r < 2 && d < i[1]) ? (c = 0, G.v = n, G.n = i[1]) : d < l && (o = r < 3 || i[0] > n || n > l) && (i[4] = r, i[5] = n, G.n = l, c = 0)); } if (o || r > 1) return a; throw y = !0, n; } return function (o, p, l) { if (f > 1) throw TypeError("Generator is already running"); for (y && 1 === p && d(p, l), c = p, u = l; (t = c < 2 ? e : u) || !y;) { i || (c ? c < 3 ? (c > 1 && (G.n = -1), d(c, u)) : G.n = u : G.v = u); try { if (f = 2, i) { if (c || (o = "next"), t = i[o]) { if (!(t = t.call(i, u))) throw TypeError("iterator result is not an object"); if (!t.done) return t; u = t.value, c < 2 && (c = 0); } else 1 === c && (t = i["return"]) && t.call(i), c < 2 && (u = TypeError("The iterator does not provide a '" + o + "' method"), c = 1); i = e; } else if ((t = (y = G.n < 0) ? u : r.call(n, G)) !== a) break; } catch (t) { i = e, c = 1, u = t; } finally { f = 1; } } return { value: t, done: y }; }; }(r, o, i), !0), u; } var a = {}; function Generator() {} function GeneratorFunction() {} function GeneratorFunctionPrototype() {} t = Object.getPrototypeOf; var c = [][n] ? t(t([][n]())) : (_regeneratorDefine2(t = {}, n, function () { return this; }), t), u = GeneratorFunctionPrototype.prototype = Generator.prototype = Object.create(c); function f(e) { return Object.setPrototypeOf ? Object.setPrototypeOf(e, GeneratorFunctionPrototype) : (e.__proto__ = GeneratorFunctionPrototype, _regeneratorDefine2(e, o, "GeneratorFunction")), e.prototype = Object.create(u), e; } return GeneratorFunction.prototype = GeneratorFunctionPrototype, _regeneratorDefine2(u, "constructor", GeneratorFunctionPrototype), _regeneratorDefine2(GeneratorFunctionPrototype, "constructor", GeneratorFunction), GeneratorFunction.displayName = "GeneratorFunction", _regeneratorDefine2(GeneratorFunctionPrototype, o, "GeneratorFunction"), _regeneratorDefine2(u), _regeneratorDefine2(u, o, "Generator"), _regeneratorDefine2(u, n, function () { return this; }), _regeneratorDefine2(u, "toString", function () { return "[object Generator]"; }), (_regenerator = function _regenerator() { return { w: i, m: f }; })(); }
+function _regeneratorDefine2(e, r, n, t) { var i = Object.defineProperty; try { i({}, "", {}); } catch (e) { i = 0; } _regeneratorDefine2 = function _regeneratorDefine(e, r, n, t) { function o(r, n) { _regeneratorDefine2(e, r, function (e) { return this._invoke(r, n, e); }); } r ? i ? i(e, r, { value: n, enumerable: !t, configurable: !t, writable: !t }) : e[r] = n : (o("next", 0), o("throw", 1), o("return", 2)); }, _regeneratorDefine2(e, r, n, t); }
+function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function _defineProperty(e, r, t) { return (r = _toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; }
+function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol" == _typeof(i) ? i : i + ""; }
+function _toPrimitive(t, r) { if ("object" != _typeof(t) || !t) return t; var e = t[Symbol.toPrimitive]; if (void 0 !== e) { var i = e.call(t, r || "default"); if ("object" != _typeof(i)) return i; throw new TypeError("@@toPrimitive must return a primitive value."); } return ("string" === r ? String : Number)(t); }
+function _slicedToArray(r, e) { return _arrayWithHoles(r) || _iterableToArrayLimit(r, e) || _unsupportedIterableToArray(r, e) || _nonIterableRest(); }
+function _iterableToArrayLimit(r, l) { var t = null == r ? null : "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (null != t) { var e, n, i, u, a = [], f = !0, o = !1; try { if (i = (t = t.call(r)).next, 0 === l) { if (Object(t) !== t) return; f = !1; } else for (; !(f = (e = i.call(t)).done) && (a.push(e.value), a.length !== l); f = !0); } catch (r) { o = !0, n = r; } finally { try { if (!f && null != t["return"] && (u = t["return"](), Object(u) !== u)) return; } finally { if (o) throw n; } } return a; } }
+function _toConsumableArray(r) { return _arrayWithoutHoles(r) || _iterableToArray(r) || _unsupportedIterableToArray(r) || _nonIterableSpread(); }
+function _nonIterableSpread() { throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); }
+function _arrayWithoutHoles(r) { if (Array.isArray(r)) return _arrayLikeToArray(r); }
+function asyncGeneratorStep(n, t, e, r, o, a, c) { try { var i = n[a](c), u = i.value; } catch (n) { return void e(n); } i.done ? t(u) : Promise.resolve(u).then(r, o); }
+function _asyncToGenerator(n) { return function () { var t = this, e = arguments; return new Promise(function (r, o) { var a = n.apply(t, e); function _next(n) { asyncGeneratorStep(a, r, o, _next, _throw, "next", n); } function _throw(n) { asyncGeneratorStep(a, r, o, _next, _throw, "throw", n); } _next(void 0); }); }; }
+function _toArray(r) { return _arrayWithHoles(r) || _iterableToArray(r) || _unsupportedIterableToArray(r) || _nonIterableRest(); }
+function _nonIterableRest() { throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); }
+function _iterableToArray(r) { if ("undefined" != typeof Symbol && null != r[Symbol.iterator] || null != r["@@iterator"]) return Array.from(r); }
+function _arrayWithHoles(r) { if (Array.isArray(r)) return r; }
+function _createForOfIteratorHelper(r, e) { var t = "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (!t) { if (Array.isArray(r) || (t = _unsupportedIterableToArray(r)) || e && r && "number" == typeof r.length) { t && (r = t); var _n = 0, F = function F() {}; return { s: F, n: function n() { return _n >= r.length ? { done: !0 } : { done: !1, value: r[_n++] }; }, e: function e(r) { throw r; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var o, a = !0, u = !1; return { s: function s() { t = t.call(r); }, n: function n() { var r = t.next(); return a = r.done, r; }, e: function e(r) { u = !0, o = r; }, f: function f() { try { a || null == t["return"] || t["return"](); } finally { if (u) throw o; } } }; }
+function _unsupportedIterableToArray(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : void 0; } }
+function _arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
+var augmentHeaders = _index.httpbis.augmentHeaders,
+  createSignatureBase = _index.httpbis.createSignatureBase,
+  createSigningParameters = _index.httpbis.createSigningParameters,
+  formatSignatureBase = _index.httpbis.formatSignatureBase;
+var verifyMessage = _index.httpbis.verifyMessage;
+
+/**
+ * Decode signature-input header to extract all components
+ * Handles format: signature-name=(components);params
+ *
+ * @param {string} signatureInput - The signature-input header value
+ * @param {string} [signatureName] - Optional specific signature name to decode
+ * @returns {Object} Decoded signature input with components and parameters
+ */
+function decodeSigInput(signatureInput) {
+  var signatureName = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : null;
+  if (!signatureInput) {
+    return null;
+  }
+  try {
+    // If signature name is provided, extract just that section
+    var inputToDecode = signatureInput;
+    if (signatureName) {
+      // Find the section for this specific signature
+      var startIndex = signatureInput.indexOf(signatureName);
+      if (startIndex === -1) {
+        return null;
+      }
+
+      // Extract from signature name to the next signature (if any) or end
+      var nextSigMatch = signatureInput.substring(startIndex + signatureName.length).match(/,\s*[a-zA-Z0-9-]+=/);
+      var endIndex = nextSigMatch ? startIndex + signatureName.length + nextSigMatch.index : signatureInput.length;
+      inputToDecode = signatureInput.substring(startIndex, endIndex).trim();
+    }
+
+    // Parse each signature entry
+    var signatures = {};
+
+    // Split by signature entries (handle multiple signatures)
+    var entries = inputToDecode.split(/,(?=\s*[a-zA-Z0-9-]+=)/);
+    var _iterator = _createForOfIteratorHelper(entries),
+      _step;
+    try {
+      for (_iterator.s(); !(_step = _iterator.n()).done;) {
+        var entry = _step.value;
+        var trimmedEntry = entry.trim();
+
+        // Match signature-name=(components);params format
+        var match = trimmedEntry.match(/^([a-zA-Z0-9-]+)=\(([^)]*)\)(.*)$/);
+        if (!match) {
+          continue;
+        }
+        var sigName = match[1];
+        var componentsStr = match[2];
+        var paramsStr = match[3];
+
+        // Parse components (space-separated, may be quoted)
+        var components = [];
+        var componentRegex = /"[^"]+"|[^\s]+/g;
+        var componentMatch = void 0;
+        while ((componentMatch = componentRegex.exec(componentsStr)) !== null) {
+          components.push(componentMatch[0].replace(/"/g, ""));
+        }
+
+        // Parse parameters (semicolon-separated key="value" pairs)
+        var params = {};
+        if (paramsStr) {
+          var paramPairs = paramsStr.split(";").filter(function (p) {
+            return p.trim();
+          });
+          var _iterator2 = _createForOfIteratorHelper(paramPairs),
+            _step2;
+          try {
+            for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
+              var pair = _step2.value;
+              var _pair$split = pair.split("="),
+                _pair$split2 = _toArray(_pair$split),
+                key = _pair$split2[0],
+                valueParts = _pair$split2.slice(1);
+              if (key && valueParts.length > 0) {
+                var value = valueParts.join("=").replace(/^"|"$/g, "");
+                params[key.trim()] = value;
+              }
+            }
+          } catch (err) {
+            _iterator2.e(err);
+          } finally {
+            _iterator2.f();
+          }
+        }
+        signatures[sigName] = {
+          components: components,
+          params: params,
+          raw: trimmedEntry
+        };
+      }
+
+      // If specific signature was requested, return just that one
+    } catch (err) {
+      _iterator.e(err);
+    } finally {
+      _iterator.f();
+    }
+    if (signatureName && signatures[signatureName]) {
+      return signatures[signatureName];
+    }
+
+    // Return all signatures or the first one if no specific name was given
+    return signatureName ? null : signatures;
+  } catch (error) {
+    console.error("Error decoding signature-input:", error);
+    return null;
+  }
+}
+
+/**
+ * Convert JWK modulus (n) to PEM format public key
+ * @param {Buffer} nBuffer - The modulus buffer
+ * @returns {string} PEM formatted public key
+ */
+function jwkModulusToPem(nBuffer) {
+  // RSA public key with standard exponent
+  var rsaPublicKey = _crypto["default"].createPublicKey({
+    key: {
+      kty: "RSA",
+      n: _base64url["default"].encode(nBuffer),
+      e: "AQAB" // Standard exponent 65537
+    },
+    format: "jwk"
+  });
+  return rsaPublicKey["export"]({
+    type: "spki",
+    format: "pem"
+  });
+}
+
+/**
+ * Extract signature name from headers
+ * @param {Object} headers - Request headers
+ * @returns {string|null} Signature name or null
+ */
+function extractSignatureName(headers) {
+  var signatureHeader = headers["signature"] || headers["Signature"];
+  if (!signatureHeader) return null;
+
+  // Extract signature name (e.g., "http-sig-xxxxxxxx")
+  // Handle both "name:" and "name=" formats
+  var match = signatureHeader.match(/^([^:=]+)[:=]/);
+  return match ? match[1] : null;
+}
+
+/**
+ * Verify an HTTP signed message using http-message-signatures
+ *
+ * @param {Object} signedMessage - The signed message to verify
+ * @param {string} signedMessage.url - Request URL
+ * @param {string} signedMessage.method - HTTP method
+ * @param {Object} signedMessage.headers - Headers including signature
+ * @param {string} [signedMessage.body] - Request body
+ * @param {string|Buffer} [publicKey] - Optional public key (if not provided, extracts from keyid)
+ * @returns {Object} Verification result
+ */
+function verify(_x, _x2) {
+  return _verify.apply(this, arguments);
+}
+/**
+ * Extract public key from signature-input header
+ * @param {Object} headers - Request headers
+ * @param {string} [signatureName] - Optional signature name to look for
+ * @returns {Buffer|null} Public key buffer or null
+ */
+function _verify() {
+  _verify = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee6(signedMessage, publicKey) {
+    var _decodedSigInput$para, url, method, headers, body, keyLookup, pem, _signatureName, extractedKey, _pem, _request, signatureName, extractedPublicKey, signatureInputHeader, decodedSigInput, algorithm, verified, verificationError, verificationResult, _t2, _t3;
+    return _regenerator().w(function (_context6) {
+      while (1) switch (_context6.p = _context6.n) {
+        case 0:
+          _context6.p = 0;
+          url = signedMessage.url, method = signedMessage.method, headers = signedMessage.headers, body = signedMessage.body; // Determine which public key to use
+          if (!publicKey) {
+            _context6.n = 1;
+            break;
+          }
+          // Use provided public key
+          pem = typeof publicKey === "string" ? publicKey : jwkModulusToPem(publicKey);
+          keyLookup = /*#__PURE__*/function () {
+            var _ref5 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee3(keyId) {
+              return _regenerator().w(function (_context3) {
+                while (1) switch (_context3.n) {
+                  case 0:
+                    return _context3.a(2, {
+                      id: keyId,
+                      algs: ["rsa-pss-sha512", "rsa-pss-sha256", "rsa-v1_5-sha256"],
+                      verify: function () {
+                        var _verify2 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee2(data, signature, parameters) {
+                          var verifier;
+                          return _regenerator().w(function (_context2) {
+                            while (1) switch (_context2.n) {
+                              case 0:
+                                verifier = _crypto["default"].createVerify("RSA-SHA".concat(parameters.alg.includes("512") ? "512" : "256"));
+                                verifier.update(data);
+                                if (!parameters.alg.startsWith("rsa-pss")) {
+                                  _context2.n = 1;
+                                  break;
+                                }
+                                return _context2.a(2, verifier.verify({
+                                  key: pem,
+                                  padding: _crypto["default"].constants.RSA_PKCS1_PSS_PADDING,
+                                  saltLength: _crypto["default"].constants.RSA_PSS_SALTLEN_DIGEST
+                                }, signature));
+                              case 1:
+                                return _context2.a(2, verifier.verify(pem, signature));
+                              case 2:
+                                return _context2.a(2);
+                            }
+                          }, _callee2);
+                        }));
+                        function verify(_x7, _x8, _x9) {
+                          return _verify2.apply(this, arguments);
+                        }
+                        return verify;
+                      }()
+                    });
+                }
+              }, _callee3);
+            }));
+            return function keyLookup(_x6) {
+              return _ref5.apply(this, arguments);
+            };
+          }();
+          _context6.n = 3;
+          break;
+        case 1:
+          // Extract public key from keyid
+          _signatureName = extractSignatureName(headers);
+          extractedKey = extractPublicKeyFromHeaders(headers, _signatureName);
+          if (extractedKey) {
+            _context6.n = 2;
+            break;
+          }
+          return _context6.a(2, {
+            valid: false,
+            error: "No public key provided and none found in signature"
+          });
+        case 2:
+          _pem = jwkModulusToPem(extractedKey);
+          keyLookup = /*#__PURE__*/function () {
+            var _ref6 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee5(keyId) {
+              return _regenerator().w(function (_context5) {
+                while (1) switch (_context5.n) {
+                  case 0:
+                    return _context5.a(2, {
+                      id: keyId,
+                      algs: ["rsa-pss-sha512", "rsa-pss-sha256", "rsa-v1_5-sha256"],
+                      verify: function () {
+                        var _verify3 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee4(data, signature, parameters) {
+                          var verifier, _verified, _t;
+                          return _regenerator().w(function (_context4) {
+                            while (1) switch (_context4.p = _context4.n) {
+                              case 0:
+                                _context4.p = 0;
+                                verifier = _crypto["default"].createVerify("RSA-SHA".concat(parameters.alg.includes("512") ? "512" : "256"));
+                                verifier.update(data);
+                                if (parameters.alg.startsWith("rsa-pss")) {
+                                  _verified = verifier.verify({
+                                    key: _pem,
+                                    padding: _crypto["default"].constants.RSA_PKCS1_PSS_PADDING,
+                                    saltLength: _crypto["default"].constants.RSA_PSS_SALTLEN_DIGEST
+                                  }, signature);
+                                } else {
+                                  _verified = verifier.verify(_pem, signature);
+                                }
+                                return _context4.a(2, _verified);
+                              case 1:
+                                _context4.p = 1;
+                                _t = _context4.v;
+                                console.error("Verification error:", _t);
+                                return _context4.a(2, false);
+                            }
+                          }, _callee4, null, [[0, 1]]);
+                        }));
+                        function verify(_x1, _x10, _x11) {
+                          return _verify3.apply(this, arguments);
+                        }
+                        return verify;
+                      }()
+                    });
+                }
+              }, _callee5);
+            }));
+            return function keyLookup(_x0) {
+              return _ref6.apply(this, arguments);
+            };
+          }();
+        case 3:
+          // Create request object for verification
+          _request = {
+            method: method,
+            url: url,
+            headers: _objectSpread({}, headers)
+          }; // Extract additional info from headers
+          signatureName = extractSignatureName(headers);
+          extractedPublicKey = extractPublicKeyFromHeaders(headers, signatureName); // Extract algorithm from signature-input
+          signatureInputHeader = headers["signature-input"] || headers["Signature-Input"];
+          decodedSigInput = decodeSigInput(signatureInputHeader, signatureName);
+          algorithm = decodedSigInput === null || decodedSigInput === void 0 || (_decodedSigInput$para = decodedSigInput.params) === null || _decodedSigInput$para === void 0 ? void 0 : _decodedSigInput$para.alg; // Verify using the library
+          verified = false;
+          verificationError = null;
+          _context6.p = 4;
+          _context6.n = 5;
+          return verifyMessage({
+            keyLookup: keyLookup,
+            requiredFields: [] // Don't require specific fields
+          }, _request);
+        case 5:
+          verificationResult = _context6.v;
+          // If we get here without throwing, verification succeeded
+          verified = true;
+          _context6.n = 7;
+          break;
+        case 6:
+          _context6.p = 6;
+          _t2 = _context6.v;
+          // Verification failed
+          verificationError = _t2.message;
+          verified = false;
+        case 7:
+          return _context6.a(2, _objectSpread({
+            valid: true,
+            // The signature format is valid
+            verified: verified,
+            // Whether the cryptographic verification passed
+            signatureName: signatureName,
+            keyId: extractedPublicKey ? _base64url["default"].encode(extractedPublicKey) : undefined,
+            algorithm: algorithm,
+            publicKeyFromHeader: extractedPublicKey,
+            decodedSignatureInput: decodedSigInput
+          }, verificationError && {
+            error: verificationError
+          }));
+        case 8:
+          _context6.p = 8;
+          _t3 = _context6.v;
+          return _context6.a(2, {
+            valid: false,
+            error: _t3.message
+          });
+      }
+    }, _callee6, null, [[4, 6], [0, 8]]);
+  }));
+  return _verify.apply(this, arguments);
+}
+function extractPublicKeyFromHeaders(headers, signatureName) {
+  var _Object$values$;
+  var signatureInput = headers["signature-input"] || headers["Signature-Input"];
+  if (!signatureInput) return null;
+
+  // Use the decoder to properly parse the signature-input
+  var decoded = decodeSigInput(signatureInput, signatureName);
+  if (!decoded) return null;
+
+  // If we decoded a specific signature, use its keyid
+  var keyid = signatureName && decoded.params ? decoded.params.keyid : (_Object$values$ = Object.values(decoded)[0]) === null || _Object$values$ === void 0 || (_Object$values$ = _Object$values$.params) === null || _Object$values$ === void 0 ? void 0 : _Object$values$.keyid;
+  if (!keyid) return null;
+  try {
+    return _base64url["default"].toBuffer(keyid);
+  } catch (error) {
+    return null;
+  }
+}
+
+/**
+ * Extract public key from a signed message
+ *
+ * @param {Object} signedMessage - The signed message
+ * @returns {Buffer|null} The public key buffer or null
+ */
+function extractPublicKeyFromMessage(signedMessage) {
+  var signatureName = extractSignatureName(signedMessage.headers);
+  return extractPublicKeyFromHeaders(signedMessage.headers, signatureName);
+}
+function send(_x3) {
+  return _send.apply(this, arguments);
+}
+/**
+ * Convert value to Buffer
+ */
+function _send() {
+  _send = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee7(signedMsg) {
+    var fetchImpl,
+      fetchOptions,
+      response,
+      _args7 = arguments,
+      _t4,
+      _t5,
+      _t6,
+      _t7,
+      _t8,
+      _t9,
+      _t0;
+    return _regenerator().w(function (_context7) {
+      while (1) switch (_context7.n) {
+        case 0:
+          fetchImpl = _args7.length > 1 && _args7[1] !== undefined ? _args7[1] : fetch;
+          fetchOptions = {
+            method: signedMsg.method,
+            headers: signedMsg.headers,
+            redirect: "follow"
+          }; // Only add body if it exists and method supports it
+          if (signedMsg.body !== undefined && signedMsg.method !== "GET" && signedMsg.method !== "HEAD") {
+            fetchOptions.body = signedMsg.body;
+          }
+          _context7.n = 1;
+          return fetchImpl(signedMsg.url, fetchOptions);
+        case 1:
+          response = _context7.v;
+          if (!(response.status >= 400)) {
+            _context7.n = 3;
+            break;
+          }
+          _t4 = Error;
+          _t5 = "".concat(response.status, ": ");
+          _context7.n = 2;
+          return response.text();
+        case 2:
+          _t6 = _context7.v;
+          _t7 = _t5.concat.call(_t5, _t6);
+          throw new _t4(_t7);
+        case 3:
+          _t8 = response.headers;
+          _context7.n = 4;
+          return response.text();
+        case 4:
+          _t9 = _context7.v;
+          _t0 = response.status;
+          return _context7.a(2, {
+            headers: _t8,
+            body: _t9,
+            status: _t0
+          });
+      }
+    }, _callee7);
+  }));
+  return _send.apply(this, arguments);
+}
+var toView = function toView(value) {
+  if (ArrayBuffer.isView(value)) {
+    return Buffer.from(value.buffer, value.byteOffset, value.byteLength);
+  } else if (typeof value === "string") {
+    return _base64url["default"].toBuffer(value);
+  }
+  throw new Error("Value must be Uint8Array, ArrayBuffer, or base64url-encoded string");
+};
+
+/**
+ * Generate HTTP signature name from address
+ */
+var httpSigName = function httpSigName(address) {
+  var decoded = _base64url["default"].toBuffer(address);
+  var hexString = _toConsumableArray(decoded.subarray(1, 9)).map(function (_byte) {
+    return _byte.toString(16).padStart(2, "0");
+  }).join("");
+  return "http-sig-".concat(hexString);
+};
+
+/**
+ * Create HTTP signer wrapper
+ */
+var toHttpSigner = exports.toHttpSigner = function toHttpSigner(signer) {
+  var params = ["alg", "keyid"].sort();
+  return /*#__PURE__*/function () {
+    var _ref2 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee(_ref) {
+      var request, fields, signatureBase, signatureInput, createCalled, create, result, signatureBuffer, signedHeaders, finalHeaders, _i, _Object$entries, _Object$entries$_i, key, value;
+      return _regenerator().w(function (_context) {
+        while (1) switch (_context.n) {
+          case 0:
+            request = _ref.request, fields = _ref.fields;
+            createCalled = false;
+            create = function create(injected) {
+              createCalled = true;
+              var publicKey = injected.publicKey,
+                _injected$alg = injected.alg,
+                alg = _injected$alg === void 0 ? "rsa-pss-sha512" : _injected$alg;
+              var publicKeyBuffer = toView(publicKey);
+              var signingParameters = createSigningParameters({
+                params: params,
+                paramValues: {
+                  keyid: _base64url["default"].encode(publicKeyBuffer),
+                  alg: alg
+                }
+              });
+              var signatureBaseArray = createSignatureBase({
+                fields: fields
+              }, request);
+              signatureInput = (0, _structuredHeaders.serializeList)([[signatureBaseArray.map(function (_ref3) {
+                var _ref4 = _slicedToArray(_ref3, 1),
+                  item = _ref4[0];
+                return (0, _structuredHeaders.parseItem)(item);
+              }), signingParameters]]);
+              signatureBaseArray.push(['"@signature-params"', [signatureInput]]);
+              signatureBase = formatSignatureBase(signatureBaseArray);
+              return new TextEncoder().encode(signatureBase);
+            };
+            _context.n = 1;
+            return signer(create, "httpsig");
+          case 1:
+            result = _context.v;
+            if (createCalled) {
+              _context.n = 2;
+              break;
+            }
+            throw new Error("create() must be invoked in order to construct the data to sign");
+          case 2:
+            if (!(!result.signature || !result.address)) {
+              _context.n = 3;
+              break;
+            }
+            throw new Error("Signer must return signature and address");
+          case 3:
+            signatureBuffer = toView(result.signature);
+            signedHeaders = augmentHeaders(request.headers, signatureBuffer, signatureInput, httpSigName(result.address)); // Only lowercase the signature headers
+            finalHeaders = {};
+            for (_i = 0, _Object$entries = Object.entries(signedHeaders); _i < _Object$entries.length; _i++) {
+              _Object$entries$_i = _slicedToArray(_Object$entries[_i], 2), key = _Object$entries$_i[0], value = _Object$entries$_i[1];
+              if (key === "Signature" || key === "Signature-Input") {
+                finalHeaders[key.toLowerCase()] = value;
+              } else {
+                finalHeaders[key] = value;
+              }
+            }
+            return _context.a(2, _objectSpread(_objectSpread({}, request), {}, {
+              headers: finalHeaders
+            }));
+        }
+      }, _callee);
+    }));
+    return function (_x4) {
+      return _ref2.apply(this, arguments);
+    };
+  }();
+};
+
+/**
+ * Utility function to extract the message ID from a signed message
+ * Based on the original code's hash calculation
+ */
+function getMessageId(_x5) {
+  return _getMessageId.apply(this, arguments);
+}
+function _getMessageId() {
+  _getMessageId = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee8(signedMessage) {
+    var signatureHeader, match, signature, encoder, data, hashBuffer, hashArray, hashBase64;
+    return _regenerator().w(function (_context8) {
+      while (1) switch (_context8.n) {
+        case 0:
+          // Extract signature from the Signature header
+          signatureHeader = signedMessage.headers.Signature || signedMessage.headers.signature;
+          match = signatureHeader.match(/Signature:\s*'http-sig-[^:]+:([^']+)'/);
+          signature = match ? match[1] : null;
+          if (signature) {
+            _context8.n = 1;
+            break;
+          }
+          throw new Error("Could not extract signature from headers");
+        case 1:
+          // Hash the signature to get message ID
+          encoder = new TextEncoder();
+          data = encoder.encode(signature);
+          _context8.n = 2;
+          return _crypto["default"].subtle.digest("SHA-256", data);
+        case 2:
+          hashBuffer = _context8.v;
+          hashArray = Array.from(new Uint8Array(hashBuffer));
+          hashBase64 = btoa(String.fromCharCode.apply(String, hashArray));
+          return _context8.a(2, hashBase64);
+      }
+    }, _callee8);
+  }));
+  return _getMessageId.apply(this, arguments);
+}