wao 0.31.2 → 0.32.1

package/cjs/http-message-signatures/httpbis.js

@@ -0,0 +1,497 @@
+"use strict";
+
+function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, _typeof(o); }
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.augmentHeaders = augmentHeaders;
+exports.createSignatureBase = createSignatureBase;
+exports.createSigningParameters = createSigningParameters;
+exports.deriveComponent = deriveComponent;
+exports.extractHeader = extractHeader;
+exports.formatSignatureBase = formatSignatureBase;
+exports.signMessage = signMessage;
+exports.verifyMessage = verifyMessage;
+var _structuredHeaders = require("structured-headers");
+var _structuredHeader = require("./structured-header.js");
+function _regeneratorRuntime() { "use strict"; /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */ _regeneratorRuntime = function _regeneratorRuntime() { return e; }; var t, e = {}, r = Object.prototype, n = r.hasOwnProperty, o = Object.defineProperty || function (t, e, r) { t[e] = r.value; }, i = "function" == typeof Symbol ? Symbol : {}, a = i.iterator || "@@iterator", c = i.asyncIterator || "@@asyncIterator", u = i.toStringTag || "@@toStringTag"; function define(t, e, r) { return Object.defineProperty(t, e, { value: r, enumerable: !0, configurable: !0, writable: !0 }), t[e]; } try { define({}, ""); } catch (t) { define = function define(t, e, r) { return t[e] = r; }; } function wrap(t, e, r, n) { var i = e && e.prototype instanceof Generator ? e : Generator, a = Object.create(i.prototype), c = new Context(n || []); return o(a, "_invoke", { value: makeInvokeMethod(t, r, c) }), a; } function tryCatch(t, e, r) { try { return { type: "normal", arg: t.call(e, r) }; } catch (t) { return { type: "throw", arg: t }; } } e.wrap = wrap; var h = "suspendedStart", l = "suspendedYield", f = "executing", s = "completed", y = {}; function Generator() {} function GeneratorFunction() {} function GeneratorFunctionPrototype() {} var p = {}; define(p, a, function () { return this; }); var d = Object.getPrototypeOf, v = d && d(d(values([]))); v && v !== r && n.call(v, a) && (p = v); var g = GeneratorFunctionPrototype.prototype = Generator.prototype = Object.create(p); function defineIteratorMethods(t) { ["next", "throw", "return"].forEach(function (e) { define(t, e, function (t) { return this._invoke(e, t); }); }); } function AsyncIterator(t, e) { function invoke(r, o, i, a) { var c = tryCatch(t[r], t, o); if ("throw" !== c.type) { var u = c.arg, h = u.value; return h && "object" == _typeof(h) && n.call(h, "__await") ? e.resolve(h.__await).then(function (t) { invoke("next", t, i, a); }, function (t) { invoke("throw", t, i, a); }) : e.resolve(h).then(function (t) { u.value = t, i(u); }, function (t) { return invoke("throw", t, i, a); }); } a(c.arg); } var r; o(this, "_invoke", { value: function value(t, n) { function callInvokeWithMethodAndArg() { return new e(function (e, r) { invoke(t, n, e, r); }); } return r = r ? r.then(callInvokeWithMethodAndArg, callInvokeWithMethodAndArg) : callInvokeWithMethodAndArg(); } }); } function makeInvokeMethod(e, r, n) { var o = h; return function (i, a) { if (o === f) throw Error("Generator is already running"); if (o === s) { if ("throw" === i) throw a; return { value: t, done: !0 }; } for (n.method = i, n.arg = a;;) { var c = n.delegate; if (c) { var u = maybeInvokeDelegate(c, n); if (u) { if (u === y) continue; return u; } } if ("next" === n.method) n.sent = n._sent = n.arg;else if ("throw" === n.method) { if (o === h) throw o = s, n.arg; n.dispatchException(n.arg); } else "return" === n.method && n.abrupt("return", n.arg); o = f; var p = tryCatch(e, r, n); if ("normal" === p.type) { if (o = n.done ? s : l, p.arg === y) continue; return { value: p.arg, done: n.done }; } "throw" === p.type && (o = s, n.method = "throw", n.arg = p.arg); } }; } function maybeInvokeDelegate(e, r) { var n = r.method, o = e.iterator[n]; if (o === t) return r.delegate = null, "throw" === n && e.iterator["return"] && (r.method = "return", r.arg = t, maybeInvokeDelegate(e, r), "throw" === r.method) || "return" !== n && (r.method = "throw", r.arg = new TypeError("The iterator does not provide a '" + n + "' method")), y; var i = tryCatch(o, e.iterator, r.arg); if ("throw" === i.type) return r.method = "throw", r.arg = i.arg, r.delegate = null, y; var a = i.arg; return a ? a.done ? (r[e.resultName] = a.value, r.next = e.nextLoc, "return" !== r.method && (r.method = "next", r.arg = t), r.delegate = null, y) : a : (r.method = "throw", r.arg = new TypeError("iterator result is not an object"), r.delegate = null, y); } function pushTryEntry(t) { var e = { tryLoc: t[0] }; 1 in t && (e.catchLoc = t[1]), 2 in t && (e.finallyLoc = t[2], e.afterLoc = t[3]), this.tryEntries.push(e); } function resetTryEntry(t) { var e = t.completion || {}; e.type = "normal", delete e.arg, t.completion = e; } function Context(t) { this.tryEntries = [{ tryLoc: "root" }], t.forEach(pushTryEntry, this), this.reset(!0); } function values(e) { if (e || "" === e) { var r = e[a]; if (r) return r.call(e); if ("function" == typeof e.next) return e; if (!isNaN(e.length)) { var o = -1, i = function next() { for (; ++o < e.length;) if (n.call(e, o)) return next.value = e[o], next.done = !1, next; return next.value = t, next.done = !0, next; }; return i.next = i; } } throw new TypeError(_typeof(e) + " is not iterable"); } return GeneratorFunction.prototype = GeneratorFunctionPrototype, o(g, "constructor", { value: GeneratorFunctionPrototype, configurable: !0 }), o(GeneratorFunctionPrototype, "constructor", { value: GeneratorFunction, configurable: !0 }), GeneratorFunction.displayName = define(GeneratorFunctionPrototype, u, "GeneratorFunction"), e.isGeneratorFunction = function (t) { var e = "function" == typeof t && t.constructor; return !!e && (e === GeneratorFunction || "GeneratorFunction" === (e.displayName || e.name)); }, e.mark = function (t) { return Object.setPrototypeOf ? Object.setPrototypeOf(t, GeneratorFunctionPrototype) : (t.__proto__ = GeneratorFunctionPrototype, define(t, u, "GeneratorFunction")), t.prototype = Object.create(g), t; }, e.awrap = function (t) { return { __await: t }; }, defineIteratorMethods(AsyncIterator.prototype), define(AsyncIterator.prototype, c, function () { return this; }), e.AsyncIterator = AsyncIterator, e.async = function (t, r, n, o, i) { void 0 === i && (i = Promise); var a = new AsyncIterator(wrap(t, r, n, o), i); return e.isGeneratorFunction(r) ? a : a.next().then(function (t) { return t.done ? t.value : a.next(); }); }, defineIteratorMethods(g), define(g, u, "Generator"), define(g, a, function () { return this; }), define(g, "toString", function () { return "[object Generator]"; }), e.keys = function (t) { var e = Object(t), r = []; for (var n in e) r.push(n); return r.reverse(), function next() { for (; r.length;) { var t = r.pop(); if (t in e) return next.value = t, next.done = !1, next; } return next.done = !0, next; }; }, e.values = values, Context.prototype = { constructor: Context, reset: function reset(e) { if (this.prev = 0, this.next = 0, this.sent = this._sent = t, this.done = !1, this.delegate = null, this.method = "next", this.arg = t, this.tryEntries.forEach(resetTryEntry), !e) for (var r in this) "t" === r.charAt(0) && n.call(this, r) && !isNaN(+r.slice(1)) && (this[r] = t); }, stop: function stop() { this.done = !0; var t = this.tryEntries[0].completion; if ("throw" === t.type) throw t.arg; return this.rval; }, dispatchException: function dispatchException(e) { if (this.done) throw e; var r = this; function handle(n, o) { return a.type = "throw", a.arg = e, r.next = n, o && (r.method = "next", r.arg = t), !!o; } for (var o = this.tryEntries.length - 1; o >= 0; --o) { var i = this.tryEntries[o], a = i.completion; if ("root" === i.tryLoc) return handle("end"); if (i.tryLoc <= this.prev) { var c = n.call(i, "catchLoc"), u = n.call(i, "finallyLoc"); if (c && u) { if (this.prev < i.catchLoc) return handle(i.catchLoc, !0); if (this.prev < i.finallyLoc) return handle(i.finallyLoc); } else if (c) { if (this.prev < i.catchLoc) return handle(i.catchLoc, !0); } else { if (!u) throw Error("try statement without catch or finally"); if (this.prev < i.finallyLoc) return handle(i.finallyLoc); } } } }, abrupt: function abrupt(t, e) { for (var r = this.tryEntries.length - 1; r >= 0; --r) { var o = this.tryEntries[r]; if (o.tryLoc <= this.prev && n.call(o, "finallyLoc") && this.prev < o.finallyLoc) { var i = o; break; } } i && ("break" === t || "continue" === t) && i.tryLoc <= e && e <= i.finallyLoc && (i = null); var a = i ? i.completion : {}; return a.type = t, a.arg = e, i ? (this.method = "next", this.next = i.finallyLoc, y) : this.complete(a); }, complete: function complete(t, e) { if ("throw" === t.type) throw t.arg; return "break" === t.type || "continue" === t.type ? this.next = t.arg : "return" === t.type ? (this.rval = this.arg = t.arg, this.method = "return", this.next = "end") : "normal" === t.type && e && (this.next = e), y; }, finish: function finish(t) { for (var e = this.tryEntries.length - 1; e >= 0; --e) { var r = this.tryEntries[e]; if (r.finallyLoc === t) return this.complete(r.completion, r.afterLoc), resetTryEntry(r), y; } }, "catch": function _catch(t) { for (var e = this.tryEntries.length - 1; e >= 0; --e) { var r = this.tryEntries[e]; if (r.tryLoc === t) { var n = r.completion; if ("throw" === n.type) { var o = n.arg; resetTryEntry(r); } return o; } } throw Error("illegal catch attempt"); }, delegateYield: function delegateYield(e, r, n) { return this.delegate = { iterator: values(e), resultName: r, nextLoc: n }, "next" === this.method && (this.arg = t), y; } }, e; }
+function asyncGeneratorStep(n, t, e, r, o, a, c) { try { var i = n[a](c), u = i.value; } catch (n) { return void e(n); } i.done ? t(u) : Promise.resolve(u).then(r, o); }
+function _asyncToGenerator(n) { return function () { var t = this, e = arguments; return new Promise(function (r, o) { var a = n.apply(t, e); function _next(n) { asyncGeneratorStep(a, r, o, _next, _throw, "next", n); } function _throw(n) { asyncGeneratorStep(a, r, o, _next, _throw, "throw", n); } _next(void 0); }); }; }
+function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function _defineProperty(e, r, t) { return (r = _toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; }
+function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol" == _typeof(i) ? i : i + ""; }
+function _toPrimitive(t, r) { if ("object" != _typeof(t) || !t) return t; var e = t[Symbol.toPrimitive]; if (void 0 !== e) { var i = e.call(t, r || "default"); if ("object" != _typeof(i)) return i; throw new TypeError("@@toPrimitive must return a primitive value."); } return ("string" === r ? String : Number)(t); }
+function _slicedToArray(r, e) { return _arrayWithHoles(r) || _iterableToArrayLimit(r, e) || _unsupportedIterableToArray(r, e) || _nonIterableRest(); }
+function _nonIterableRest() { throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); }
+function _unsupportedIterableToArray(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : void 0; } }
+function _arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
+function _iterableToArrayLimit(r, l) { var t = null == r ? null : "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (null != t) { var e, n, i, u, a = [], f = !0, o = !1; try { if (i = (t = t.call(r)).next, 0 === l) { if (Object(t) !== t) return; f = !1; } else for (; !(f = (e = i.call(t)).done) && (a.push(e.value), a.length !== l); f = !0); } catch (r) { o = !0, n = r; } finally { try { if (!f && null != t["return"] && (u = t["return"](), Object(u) !== u)) return; } finally { if (o) throw n; } } return a; } }
+function _arrayWithHoles(r) { if (Array.isArray(r)) return r; }
+// Default params if not provided
+var defaultParams = ["created", "keyid", "alg", "expires"];
+
+// Helper to check if message is a request
+var isRequest = function isRequest(message) {
+  return message.method !== undefined;
+};
+
+/**
+ * Components can be derived from requests or responses (which can also be bound to their request).
+ * The signature is essentially (component, params, signingSubject, supplementaryData)
+ *
+ * MODIFIED: This implementation matches Erlang behavior where @ components are treated as field lookups
+ */
+function deriveComponent(component, params, message, req) {
+  // MODIFIED: Match Erlang behavior - all @ components become field lookups
+  // The Erlang strips @ and calls extract_field for ALL derived components
+
+  // Remove @ prefix to match Erlang behavior
+  var fieldName = component.startsWith("@") ? component.slice(1) : component;
+
+  // For all @ components, do a field lookup instead of deriving
+  // This matches the Erlang identifier_to_component behavior
+  if (component.startsWith("@")) {
+    try {
+      if (params.has("req") && req) {
+        return extractHeader(fieldName, params, req, undefined);
+      }
+      return extractHeader(fieldName, params, message, req);
+    } catch (e) {
+      // If field not found, return empty or throw based on component type
+      throw new Error("No field \"".concat(fieldName, "\" found for component \"").concat(component, "\""));
+    }
+  }
+
+  // This code path should not be reached for @ components anymore
+  // but keeping it for non-@ components
+  throw new Error("Unsupported component \"".concat(component, "\""));
+}
+function extractHeader(header, params, messageOrHeaders, req) {
+  var headers = messageOrHeaders.headers || messageOrHeaders;
+  var context = params.has("req") ? req === null || req === void 0 ? void 0 : req.headers : headers;
+  if (!context) {
+    throw new Error("Missing request in request-response bound component");
+  }
+  var headerTuple = Object.entries(context).find(function (_ref) {
+    var _ref2 = _slicedToArray(_ref, 1),
+      name = _ref2[0];
+    return name.toLowerCase() === header;
+  });
+  if (!headerTuple) {
+    throw new Error("No header \"".concat(header, "\" found in headers"));
+  }
+  var values = Array.isArray(headerTuple[1]) ? headerTuple[1] : [headerTuple[1]];
+  if (params.has("bs") && (params.has("sf") || params.has("key"))) {
+    throw new Error("Cannot have both `bs` and (implicit) `sf` parameters");
+  }
+  if (params.has("sf") || params.has("key")) {
+    // strict encoding of field
+    var value = values.join(", ");
+    var parsed = (0, _structuredHeader.parseHeader)(value);
+    if (params.has("key") && !(parsed instanceof _structuredHeader.Dictionary)) {
+      throw new Error("Unable to parse header as dictionary");
+    }
+    if (params.has("key")) {
+      var key = params.get("key").toString();
+      if (!parsed.has(key)) {
+        throw new Error("Unable to find key \"".concat(key, "\" in structured field"));
+      }
+      return [parsed.get(key)];
+    }
+    return [parsed.toString()];
+  }
+  if (params.has("bs")) {
+    return [values.map(function (val) {
+      var encoded = Buffer.from(val.trim().replace(/\n\s*/gm, " "));
+      return ":".concat(encoded.toString("base64"), ":");
+    }).join(", ")];
+  }
+  // raw encoding
+  return [values.map(function (val) {
+    return val.trim().replace(/\n\s*/gm, " ");
+  }).join(", ")];
+}
+function normaliseParams(params) {
+  var map = new Map();
+  params.forEach(function (value, key) {
+    if (value instanceof _structuredHeaders.ByteSequence) {
+      map.set(key, value.toBase64());
+    } else if (value instanceof _structuredHeaders.Token) {
+      map.set(key, value.toString());
+    } else {
+      map.set(key, value);
+    }
+  });
+  return map;
+}
+function createSignatureBase(config, res, req) {
+  return config.fields.reduce(function (base, fieldName) {
+    var _parseItem = (0, _structuredHeaders.parseItem)((0, _structuredHeader.quoteString)(fieldName)),
+      _parseItem2 = _slicedToArray(_parseItem, 2),
+      field = _parseItem2[0],
+      params = _parseItem2[1];
+    var fieldParams = normaliseParams(params);
+    var lcFieldName = field.toLowerCase();
+    if (lcFieldName !== "@signature-params") {
+      var value = null;
+      if (config.componentParser) {
+        var _config$componentPars;
+        value = (_config$componentPars = config.componentParser(lcFieldName, fieldParams, res, req)) !== null && _config$componentPars !== void 0 ? _config$componentPars : null;
+      }
+      if (value === null) {
+        value = field.startsWith("@") ? deriveComponent(lcFieldName, fieldParams, res, req) : extractHeader(lcFieldName, fieldParams, res, req);
+      }
+      base.push([(0, _structuredHeaders.serializeItem)([field, params]), value]);
+    }
+    return base;
+  }, []);
+}
+function formatSignatureBase(base) {
+  return base.map(function (_ref3) {
+    var _ref4 = _slicedToArray(_ref3, 2),
+      key = _ref4[0],
+      value = _ref4[1];
+    var quotedKey = (0, _structuredHeaders.serializeItem)((0, _structuredHeaders.parseItem)((0, _structuredHeader.quoteString)(key)));
+
+    // MODIFIED: Special handling to match Erlang behavior
+    // If the key is "@path", format it as "path" (without @) in the signature base
+    var formattedKey = quotedKey;
+    if (quotedKey === '"@path"') {
+      formattedKey = '"path"';
+    }
+    return value.map(function (val) {
+      return "".concat(formattedKey, ": ").concat(val);
+    }).join("\n");
+  }).join("\n");
+}
+function createSigningParameters(config) {
+  var _config$params;
+  var now = new Date();
+  return ((_config$params = config.params) !== null && _config$params !== void 0 ? _config$params : defaultParams).reduce(function (params, paramName) {
+    var _config$paramValues, _config$paramValues3, _config$paramValues4, _config$paramValues9, _config$paramValues10;
+    var value = "";
+    switch (paramName.toLowerCase()) {
+      case "created":
+        // created is optional but recommended. If created is supplied but is null, that's an explicit
+        // instruction to *not* include the created parameter
+        if (((_config$paramValues = config.paramValues) === null || _config$paramValues === void 0 ? void 0 : _config$paramValues.created) !== null) {
+          var _config$paramValues$c, _config$paramValues2;
+          var created = (_config$paramValues$c = (_config$paramValues2 = config.paramValues) === null || _config$paramValues2 === void 0 ? void 0 : _config$paramValues2.created) !== null && _config$paramValues$c !== void 0 ? _config$paramValues$c : now;
+          value = Math.floor(created.getTime() / 1000);
+        }
+        break;
+      case "expires":
+        // attempt to obtain an explicit expires time, otherwise create one that is 300 seconds after
+        // creation. Don't add an expires time if there is no created time
+        if ((_config$paramValues3 = config.paramValues) !== null && _config$paramValues3 !== void 0 && _config$paramValues3.expires || ((_config$paramValues4 = config.paramValues) === null || _config$paramValues4 === void 0 ? void 0 : _config$paramValues4.created) !== null) {
+          var _config$paramValues$e, _config$paramValues5, _config$paramValues$c2, _config$paramValues6;
+          var expires = (_config$paramValues$e = (_config$paramValues5 = config.paramValues) === null || _config$paramValues5 === void 0 ? void 0 : _config$paramValues5.expires) !== null && _config$paramValues$e !== void 0 ? _config$paramValues$e : new Date(((_config$paramValues$c2 = (_config$paramValues6 = config.paramValues) === null || _config$paramValues6 === void 0 ? void 0 : _config$paramValues6.created) !== null && _config$paramValues$c2 !== void 0 ? _config$paramValues$c2 : now).getTime() + 300000);
+          value = Math.floor(expires.getTime() / 1000);
+        }
+        break;
+      case "keyid":
+        {
+          var _ref5, _config$paramValues$k, _config$paramValues7;
+          // attempt to obtain the keyid omit if missing
+          var kid = (_ref5 = (_config$paramValues$k = (_config$paramValues7 = config.paramValues) === null || _config$paramValues7 === void 0 ? void 0 : _config$paramValues7.keyid) !== null && _config$paramValues$k !== void 0 ? _config$paramValues$k : config.key.id) !== null && _ref5 !== void 0 ? _ref5 : null;
+          if (kid) {
+            value = kid.toString();
+          }
+          break;
+        }
+      case "alg":
+        {
+          var _ref6, _config$paramValues$a, _config$paramValues8;
+          // if there is no alg, but it's listed as a required parameter, we should probably
+          // throw an error - the problem is that if it's in the default set of params, do we
+          // really want to throw if there's no keyid?
+          var alg = (_ref6 = (_config$paramValues$a = (_config$paramValues8 = config.paramValues) === null || _config$paramValues8 === void 0 ? void 0 : _config$paramValues8.alg) !== null && _config$paramValues$a !== void 0 ? _config$paramValues$a : config.key.alg) !== null && _ref6 !== void 0 ? _ref6 : null;
+          if (alg) {
+            value = alg.toString();
+          }
+          break;
+        }
+      default:
+        if (((_config$paramValues9 = config.paramValues) === null || _config$paramValues9 === void 0 ? void 0 : _config$paramValues9[paramName]) instanceof Date) {
+          value = Math.floor(config.paramValues[paramName].getTime() / 1000);
+        } else if ((_config$paramValues10 = config.paramValues) !== null && _config$paramValues10 !== void 0 && _config$paramValues10[paramName]) {
+          value = config.paramValues[paramName];
+        }
+    }
+    if (value) {
+      params.set(paramName, value);
+    }
+    return params;
+  }, new Map());
+}
+function augmentHeaders(headers, signature, signatureInput, name) {
+  var signatureHeaderName = "Signature";
+  var signatureInputHeaderName = "Signature-Input";
+  var signatureHeader = new Map();
+  var inputHeader = new Map();
+  // check to see if there are already signature/signature-input headers
+  // if there are we want to store the current (case-sensitive) name of the header
+  // and we want to parse out the current values so we can append our new signature
+  for (var header in headers) {
+    switch (header.toLowerCase()) {
+      case "signature":
+        {
+          signatureHeaderName = header;
+          signatureHeader = (0, _structuredHeaders.parseDictionary)(Array.isArray(headers[header]) ? headers[header].join(", ") : headers[header]);
+          break;
+        }
+      case "signature-input":
+        signatureInputHeaderName = header;
+        inputHeader = (0, _structuredHeaders.parseDictionary)(Array.isArray(headers[header]) ? headers[header].join(", ") : headers[header]);
+        break;
+    }
+  }
+  // find a unique signature name for the header. Check if any existing headers already use
+  // the name we intend to use, if there are, add incrementing numbers to the signature name
+  // until we have a unique name to use
+  var signatureName = name !== null && name !== void 0 ? name : "sig";
+  if (signatureHeader.has(signatureName) || inputHeader.has(signatureName)) {
+    var count = 0;
+    while (signatureHeader.has("".concat(signatureName).concat(count)) || inputHeader.has("".concat(signatureName).concat(count))) {
+      count++;
+    }
+    signatureName += count.toString();
+  }
+  // append our signature and signature-inputs to the headers and return
+  signatureHeader.set(signatureName, [new _structuredHeaders.ByteSequence(signature.toString("base64")), new Map()]);
+  inputHeader.set(signatureName, (0, _structuredHeaders.parseList)(signatureInput)[0]);
+  return _objectSpread(_objectSpread({}, headers), {}, _defineProperty(_defineProperty({}, signatureHeaderName, (0, _structuredHeaders.serializeDictionary)(signatureHeader)), signatureInputHeaderName, (0, _structuredHeaders.serializeDictionary)(inputHeader)));
+}
+function signMessage(_x, _x2, _x3) {
+  return _signMessage.apply(this, arguments);
+}
+function _signMessage() {
+  _signMessage = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime().mark(function _callee(config, message, req) {
+    var _config$fields;
+    var signingParameters, signatureBase, signatureInput, base, signature;
+    return _regeneratorRuntime().wrap(function _callee$(_context) {
+      while (1) switch (_context.prev = _context.next) {
+        case 0:
+          signingParameters = createSigningParameters(config);
+          signatureBase = createSignatureBase({
+            fields: (_config$fields = config.fields) !== null && _config$fields !== void 0 ? _config$fields : [],
+            componentParser: config.componentParser
+          }, message, req);
+          signatureInput = (0, _structuredHeaders.serializeList)([[signatureBase.map(function (_ref7) {
+            var _ref8 = _slicedToArray(_ref7, 1),
+              item = _ref8[0];
+            return (0, _structuredHeaders.parseItem)(item);
+          }), signingParameters]]);
+          signatureBase.push(['"@signature-params"', [signatureInput]]);
+          base = formatSignatureBase(signatureBase); // call sign
+          _context.next = 7;
+          return config.key.sign(Buffer.from(base));
+        case 7:
+          signature = _context.sent;
+          return _context.abrupt("return", _objectSpread(_objectSpread({}, message), {}, {
+            headers: augmentHeaders(_objectSpread({}, message.headers), signature, signatureInput, config.name)
+          }));
+        case 9:
+        case "end":
+          return _context.stop();
+      }
+    }, _callee);
+  }));
+  return _signMessage.apply(this, arguments);
+}
+function verifyMessage(_x4, _x5, _x6) {
+  return _verifyMessage.apply(this, arguments);
+}
+function _verifyMessage() {
+  _verifyMessage = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime().mark(function _callee3(config, message, req) {
+    var _config$tolerance, _config$notAfter, _config$maxAge, _config$requiredParam, _config$requiredField;
+    var _Object$entries$reduc, signatures, signatureInputs, now, tolerance, notAfter, maxAge, requiredParams, requiredFields;
+    return _regeneratorRuntime().wrap(function _callee3$(_context3) {
+      while (1) switch (_context3.prev = _context3.next) {
+        case 0:
+          _Object$entries$reduc = Object.entries(message.headers).reduce(function (accum, _ref9) {
+            var _ref10 = _slicedToArray(_ref9, 2),
+              name = _ref10[0],
+              value = _ref10[1];
+            switch (name.toLowerCase()) {
+              case "signature":
+                return Object.assign(accum, {
+                  signatures: (0, _structuredHeaders.parseDictionary)(Array.isArray(value) ? value.join(", ") : value)
+                });
+              case "signature-input":
+                return Object.assign(accum, {
+                  signatureInputs: (0, _structuredHeaders.parseDictionary)(Array.isArray(value) ? value.join(", ") : value)
+                });
+              default:
+                return accum;
+            }
+          }, {}), signatures = _Object$entries$reduc.signatures, signatureInputs = _Object$entries$reduc.signatureInputs; // no signatures means an indeterminate result
+          if (!(!(signatures !== null && signatures !== void 0 && signatures.size) && !(signatureInputs !== null && signatureInputs !== void 0 && signatureInputs.size))) {
+            _context3.next = 3;
+            break;
+          }
+          return _context3.abrupt("return", null);
+        case 3:
+          if (!(!(signatures !== null && signatures !== void 0 && signatures.size) || !(signatureInputs !== null && signatureInputs !== void 0 && signatureInputs.size))) {
+            _context3.next = 5;
+            break;
+          }
+          throw new Error("Incomplete signature headers");
+        case 5:
+          now = Math.floor(Date.now() / 1000);
+          tolerance = (_config$tolerance = config.tolerance) !== null && _config$tolerance !== void 0 ? _config$tolerance : 0;
+          notAfter = config.notAfter instanceof Date ? Math.floor(config.notAfter.getTime() / 1000) : (_config$notAfter = config.notAfter) !== null && _config$notAfter !== void 0 ? _config$notAfter : now;
+          maxAge = (_config$maxAge = config.maxAge) !== null && _config$maxAge !== void 0 ? _config$maxAge : null;
+          requiredParams = (_config$requiredParam = config.requiredParams) !== null && _config$requiredParam !== void 0 ? _config$requiredParam : [];
+          requiredFields = (_config$requiredField = config.requiredFields) !== null && _config$requiredField !== void 0 ? _config$requiredField : [];
+          return _context3.abrupt("return", Array.from(signatureInputs.entries()).reduce(/*#__PURE__*/function () {
+            var _ref12 = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime().mark(function _callee2(prev, _ref11) {
+              var _key$algs;
+              var _ref13, name, input, signatureParams, _yield$Promise$all, _yield$Promise$all2, result, key, hasRequiredParams, hasRequiredFields, created, expires, fields, signingBase, base, signature;
+              return _regeneratorRuntime().wrap(function _callee2$(_context2) {
+                while (1) switch (_context2.prev = _context2.next) {
+                  case 0:
+                    _ref13 = _slicedToArray(_ref11, 2), name = _ref13[0], input = _ref13[1];
+                    signatureParams = Array.from(input[1].entries()).reduce(function (params, _ref14) {
+                      var _ref15 = _slicedToArray(_ref14, 2),
+                        key = _ref15[0],
+                        value = _ref15[1];
+                      if (value instanceof _structuredHeaders.ByteSequence) {
+                        Object.assign(params, _defineProperty({}, key, value.toBase64()));
+                      } else if (value instanceof _structuredHeaders.Token) {
+                        Object.assign(params, _defineProperty({}, key, value.toString()));
+                      } else if (key === "created" || key === "expired") {
+                        Object.assign(params, _defineProperty({}, key, new Date(value * 1000)));
+                      } else {
+                        Object.assign(params, _defineProperty({}, key, value));
+                      }
+                      return params;
+                    }, {});
+                    _context2.next = 4;
+                    return Promise.all([prev["catch"](function (e) {
+                      return e;
+                    }), config.keyLookup(signatureParams)]);
+                  case 4:
+                    _yield$Promise$all = _context2.sent;
+                    _yield$Promise$all2 = _slicedToArray(_yield$Promise$all, 2);
+                    result = _yield$Promise$all2[0];
+                    key = _yield$Promise$all2[1];
+                    if (!(config.all && !key)) {
+                      _context2.next = 10;
+                      break;
+                    }
+                    throw new Error("Unknown key");
+                  case 10:
+                    if (key) {
+                      _context2.next = 14;
+                      break;
+                    }
+                    if (!(result instanceof Error)) {
+                      _context2.next = 13;
+                      break;
+                    }
+                    throw result;
+                  case 13:
+                    return _context2.abrupt("return", result);
+                  case 14:
+                    if (!(input[1].has("alg") && ((_key$algs = key.algs) === null || _key$algs === void 0 ? void 0 : _key$algs.includes(input[1].get("alg"))) === false)) {
+                      _context2.next = 16;
+                      break;
+                    }
+                    throw new Error("Unsupported key algorithm");
+                  case 16:
+                    if ((0, _structuredHeaders.isInnerList)(input)) {
+                      _context2.next = 18;
+                      break;
+                    }
+                    throw new Error("Malformed signature input");
+                  case 18:
+                    hasRequiredParams = requiredParams.every(function (param) {
+                      return input[1].has(param);
+                    });
+                    if (hasRequiredParams) {
+                      _context2.next = 21;
+                      break;
+                    }
+                    throw new Error("Missing required signature parameters");
+                  case 21:
+                    // this could be tricky, what if we say "@method" but there is "@method;req"
+                    hasRequiredFields = requiredFields.every(function (field) {
+                      return input[0].some(function (_ref16) {
+                        var _ref17 = _slicedToArray(_ref16, 1),
+                          fieldName = _ref17[0];
+                        return fieldName === field;
+                      });
+                    });
+                    if (hasRequiredFields) {
+                      _context2.next = 24;
+                      break;
+                    }
+                    throw new Error("Missing required signed fields");
+                  case 24:
+                    if (!input[1].has("created")) {
+                      _context2.next = 28;
+                      break;
+                    }
+                    created = input[1].get("created") - tolerance; // maxAge overrides expires.
+                    // signature is older than maxAge
+                    if (!(maxAge && now - created > maxAge || created > notAfter)) {
+                      _context2.next = 28;
+                      break;
+                    }
+                    throw new Error("Signature is too old");
+                  case 28:
+                    if (!input[1].has("expires")) {
+                      _context2.next = 32;
+                      break;
+                    }
+                    expires = input[1].get("expires") + tolerance; // expired signature
+                    if (!(now > expires)) {
+                      _context2.next = 32;
+                      break;
+                    }
+                    throw new Error("Signature has expired");
+                  case 32:
+                    // now look to verify the signature! Build the expected "signing base" and verify it!
+                    fields = input[0].map(function (item) {
+                      return (0, _structuredHeaders.serializeItem)(item);
+                    });
+                    signingBase = createSignatureBase({
+                      fields: fields,
+                      componentParser: config.componentParser
+                    }, message, req);
+                    signingBase.push(['"@signature-params"', [(0, _structuredHeaders.serializeList)([input])]]);
+                    base = formatSignatureBase(signingBase);
+                    signature = signatures.get(name);
+                    if (signature) {
+                      _context2.next = 39;
+                      break;
+                    }
+                    throw new Error("No corresponding signature for input");
+                  case 39:
+                    if ((0, _structuredHeaders.isByteSequence)(signature[0])) {
+                      _context2.next = 41;
+                      break;
+                    }
+                    throw new Error("Malformed signature");
+                  case 41:
+                    return _context2.abrupt("return", key.verify(Buffer.from(base), Buffer.from(signature[0].toBase64(), "base64"), signatureParams));
+                  case 42:
+                  case "end":
+                    return _context2.stop();
+                }
+              }, _callee2);
+            }));
+            return function (_x7, _x8) {
+              return _ref12.apply(this, arguments);
+            };
+          }(), Promise.resolve(null)));
+        case 12:
+        case "end":
+          return _context3.stop();
+      }
+    }, _callee3);
+  }));
+  return _verifyMessage.apply(this, arguments);
+}

package/cjs/http-message-signatures/index.js

@@ -0,0 +1,26 @@
+"use strict";
+
+function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, _typeof(o); }
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+var _exportNames = {
+  httpbis: true
+};
+exports.httpbis = exports["default"] = void 0;
+var httpbis = _interopRequireWildcard(require("./httpbis.js"));
+exports.httpbis = httpbis;
+exports["default"] = httpbis;
+Object.keys(httpbis).forEach(function (key) {
+  if (key === "default" || key === "__esModule") return;
+  if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+  if (key in exports && exports[key] === httpbis[key]) return;
+  Object.defineProperty(exports, key, {
+    enumerable: true,
+    get: function get() {
+      return httpbis[key];
+    }
+  });
+});
+function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function _getRequireWildcardCache(e) { return e ? t : r; })(e); }
+function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != _typeof(e) && "function" != typeof e) return { "default": e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n["default"] = e, t && t.set(e, n), n; }