hbsig 0.2.8 → 0.3.1

package/cjs/parser.js

@@ -39,7 +39,7 @@ function decodeSigInput(signatureInput) {
       }
 
       // Extract from signature name to the next signature (if any) or end
-      var nextSigMatch = signatureInput.substring(startIndex + signatureName.length).match(/,\s*[a-zA-Z0-9-]+=/);
+      var nextSigMatch = signatureInput.substring(startIndex + signatureName.length).match(/,\s*[a-zA-Z0-9_-]+=/);
       var endIndex = nextSigMatch ? startIndex + signatureName.length + nextSigMatch.index : signatureInput.length;
       inputToDecode = signatureInput.substring(startIndex, endIndex).trim();
     }
@@ -48,7 +48,7 @@ function decodeSigInput(signatureInput) {
     var signatures = {};
 
     // Split by signature entries (handle multiple signatures)
-    var entries = inputToDecode.split(/,(?=\s*[a-zA-Z0-9-]+=)/);
+    var entries = inputToDecode.split(/,(?=\s*[a-zA-Z0-9_-]+=)/);
     var _iterator = _createForOfIteratorHelper(entries),
       _step;
     try {
@@ -57,7 +57,7 @@ function decodeSigInput(signatureInput) {
         var trimmedEntry = entry.trim();
 
         // Match signature-name=(components);params format
-        var match = trimmedEntry.match(/^([a-zA-Z0-9-]+)=\(([^)]*)\)(.*)$/);
+        var match = trimmedEntry.match(/^([a-zA-Z0-9_-]+)=\(([^)]*)\)(.*)$/);
         if (!match) {
           continue;
         }
@@ -146,7 +146,6 @@ function extractSignatureName(headers) {
  * @returns {Buffer|null} Public key buffer or null
  */
 function extractPubKey(headers, signatureName) {
-  var _Object$values$;
   var signatureInput = headers["signature-input"] || headers["Signature-Input"];
   if (!signatureInput) return null;
 
@@ -155,10 +154,35 @@ function extractPubKey(headers, signatureName) {
   if (!decoded) return null;
 
   // If we decoded a specific signature, use its keyid
-  var keyid = signatureName && decoded.params ? decoded.params.keyid : (_Object$values$ = Object.values(decoded)[0]) === null || _Object$values$ === void 0 || (_Object$values$ = _Object$values$.params) === null || _Object$values$ === void 0 ? void 0 : _Object$values$.keyid;
+  // When no specific signatureName, prefer RSA signature over HMAC
+  // (HMAC keyid is "constant:ao" which is not a real public key)
+  var keyid = null;
+  if (signatureName && decoded.params) {
+    keyid = decoded.params.keyid;
+  } else {
+    var _rsaEntry$params, _entries$;
+    var entries = Object.values(decoded);
+    var rsaEntry = entries.find(function (e) {
+      var _e$params;
+      return (_e$params = e.params) === null || _e$params === void 0 || (_e$params = _e$params.alg) === null || _e$params === void 0 ? void 0 : _e$params.startsWith("rsa-");
+    });
+    keyid = (rsaEntry === null || rsaEntry === void 0 || (_rsaEntry$params = rsaEntry.params) === null || _rsaEntry$params === void 0 ? void 0 : _rsaEntry$params.keyid) || ((_entries$ = entries[0]) === null || _entries$ === void 0 || (_entries$ = _entries$.params) === null || _entries$ === void 0 ? void 0 : _entries$.keyid);
+  }
   if (!keyid) return null;
   try {
-    return _base64url["default"].toBuffer(keyid);
+    // Strip scheme prefix if present (e.g., "publickey:base64data" -> "base64data")
+    var keyidToDecode = keyid;
+    if (keyid.includes(":")) {
+      var colonIndex = keyid.indexOf(":");
+      keyidToDecode = keyid.substring(colonIndex + 1);
+    }
+    // Handle both base64url and standard base64 encoding
+    // Standard base64 uses +/ while base64url uses -_
+    if (keyidToDecode.includes("+") || keyidToDecode.includes("/")) {
+      // Standard base64 - convert to buffer directly
+      return Buffer.from(keyidToDecode, "base64");
+    }
+    return _base64url["default"].toBuffer(keyidToDecode);
   } catch (error) {
     return null;
   }

package/cjs/send.js

@@ -78,8 +78,7 @@ function _send() {
       _args3 = arguments,
       _t,
       _t2,
-      _t3,
-      _t4;
+      _t3;
     return _regenerator().w(function (_context3) {
       while (1) switch (_context3.n) {
         case 0:
@@ -105,9 +104,8 @@ function _send() {
           _context3.n = 2;
           return response.text();
         case 2:
-          _t3 = _context3.v;
-          _t4 = _t2.concat.call(_t2, _t3);
-          throw new _t(_t4);
+          _t3 = _t2.concat.call(_t2, _context3.v);
+          throw new _t(_t3);
         case 3:
           _context3.n = 4;
           return (0, _sendUtils.result)(response);
@@ -123,7 +121,9 @@ var httpSigName = exports.httpSigName = function httpSigName(address) {
   var hexString = _toConsumableArray(decoded.subarray(1, 9)).map(function (_byte) {
     return _byte.toString(16).padStart(2, "0");
   }).join("");
-  return "http-sig-".concat(hexString);
+  // Use 'comm-' prefix to match HyperBEAM's siginfo_to_commitments pattern
+  // (it strips <<"comm-", Rest/binary>> before parsing structured fields)
+  return "comm-".concat(hexString);
 };
 var toView = function toView(value) {
   if (ArrayBuffer.isView(value)) {
@@ -147,10 +147,14 @@ var toHttpSigner = exports.toHttpSigner = function toHttpSigner(signer) {
                 _injected$alg = injected.alg,
                 alg = _injected$alg === void 0 ? "rsa-pss-sha512" : _injected$alg;
               var publicKeyBuffer = toView(publicKey);
+              // Use standard base64 encoding for keyid to be compatible with HyperBEAM's
+              // base64:decode in dev_codec_httpsig_keyid:apply_scheme
+              // Include "publickey:" prefix so HyperBEAM knows the key scheme
+              var keyidBase64 = "publickey:".concat(publicKeyBuffer.toString("base64"));
               var signingParameters = createSigningParameters({
                 params: params,
                 paramValues: {
-                  keyid: _base64url["default"].encode(publicKeyBuffer),
+                  keyid: keyidBase64,
                   alg: alg
                 }
               });

package/cjs/signer-utils.js

@@ -308,8 +308,7 @@ function _send() {
       _t6,
       _t7,
       _t8,
-      _t9,
-      _t0;
+      _t9;
     return _regenerator().w(function (_context7) {
       while (1) switch (_context7.n) {
         case 0:
@@ -335,20 +334,19 @@ function _send() {
           _context7.n = 2;
           return response.text();
         case 2:
-          _t6 = _context7.v;
-          _t7 = _t5.concat.call(_t5, _t6);
-          throw new _t4(_t7);
+          _t6 = _t5.concat.call(_t5, _context7.v);
+          throw new _t4(_t6);
         case 3:
-          _t8 = response.headers;
+          _t7 = response.headers;
           _context7.n = 4;
           return response.text();
         case 4:
-          _t9 = _context7.v;
-          _t0 = response.status;
+          _t8 = _context7.v;
+          _t9 = response.status;
           return _context7.a(2, {
-            headers: _t8,
-            body: _t9,
-            status: _t0
+            headers: _t7,
+            body: _t8,
+            status: _t9
           });
       }
     }, _callee7);
@@ -394,10 +392,14 @@ var toHttpSigner = exports.toHttpSigner = function toHttpSigner(signer) {
                 _injected$alg = injected.alg,
                 alg = _injected$alg === void 0 ? "rsa-pss-sha512" : _injected$alg;
               var publicKeyBuffer = toView(publicKey);
+              // Use standard base64 encoding for keyid to be compatible with HyperBEAM's
+              // base64:decode in dev_codec_httpsig_keyid:apply_scheme
+              // Include "publickey:" prefix so HyperBEAM knows the key scheme
+              var keyidBase64 = "publickey:".concat(publicKeyBuffer.toString("base64"));
               var signingParameters = createSigningParameters({
                 params: params,
                 paramValues: {
-                  keyid: _base64url["default"].encode(publicKeyBuffer),
+                  keyid: keyidBase64,
                   alg: alg
                 }
               });