storacha · Gozala · Feb 28, 2023 · Feb 14, 2023 · Feb 15, 2023 · Feb 16, 2023
diff --git a/packages/client/test/fixtures.js b/packages/client/test/fixtures.js
@@ -1,6 +1,6 @@
 import * as ed25519 from '@ucanto/principal/ed25519'
 
-/** did:key:z6Mkqa4oY9Z5Pf5tUcjLHLUsDjKwMC95HGXdE1j22jkbhz6r */
+/** did:key:z6Mkk89bC3JrVqKie71YEcc5M1SMVxuCgNx6zLZ8SYJsxALi */
 export const alice = ed25519.parse(
   'MgCZT5vOnYZoVAeyjnzuJIVY9J4LNtJ+f8Js0cTPuKUpFne0BVEDJjEu6quFIU8yp91/TY/+MYK8GvlKoTDnqOCovCVM='
 )

diff --git a/packages/core/src/delegation.js b/packages/core/src/delegation.js
@@ -1,6 +1,10 @@
 import * as UCAN from '@ipld/dag-ucan'
+import * as Signature from '@ipld/dag-ucan/signature'
+import { from as toPrincipal } from '@ipld/dag-ucan/did'
 import * as API from '@ucanto/interface'
 import * as Link from './link.js'
+import * as CBOR from '@ipld/dag-cbor'
+import { sha256 } from 'multiformats/hashes/sha2'
 
 /**
  * @deprecated

diff --git a/packages/core/test/fixtures.js b/packages/core/test/fixtures.js
@@ -1,6 +1,6 @@
 import * as ed25519 from '@ucanto/principal/ed25519'
 
-/** did:key:z6Mkqa4oY9Z5Pf5tUcjLHLUsDjKwMC95HGXdE1j22jkbhz6r */
+/** did:key:z6Mkk89bC3JrVqKie71YEcc5M1SMVxuCgNx6zLZ8SYJsxALi */
 export const alice = ed25519.parse(
   'MgCZT5vOnYZoVAeyjnzuJIVY9J4LNtJ+f8Js0cTPuKUpFne0BVEDJjEu6quFIU8yp91/TY/+MYK8GvlKoTDnqOCovCVM='
 )

diff --git a/packages/interface/src/capability.ts b/packages/interface/src/capability.ts
@@ -18,7 +18,6 @@ import {
 export interface Source {
   capability: { can: Ability; with: URI; nb?: Caveats }
   delegation: Delegation
-  index: number
 }
 
 export interface Match<T = unknown, M extends Match = UnknownMatch>
@@ -207,13 +206,13 @@ export type InferCreateOptions<R extends Resource, C extends {} | undefined> =
 export type InferInvokeOptions<
   R extends Resource,
   C extends {} | undefined
-> = UCANOptions & { issuer: Signer } & InferCreateOptions<R, C>
+> = UCANOptions & { issuer: UCAN.Signer } & InferCreateOptions<R, C>
 
 export type InferDelegationOptions<
   R extends Resource,
   C extends {} | undefined
 > = UCANOptions & {
-  issuer: Signer
+  issuer: UCAN.Signer
   with: R
   nb?: Partial<InferCreateOptions<R, C>['nb']>
 }
@@ -414,7 +413,7 @@ export interface DIDKeyResolutionError extends Failure {
   readonly name: 'DIDKeyResolutionError'
   readonly did: UCAN.DID
 
-  readonly cause?: Unauthorized
+  readonly cause?: Failure
 }
 
 export interface Expired extends Failure {
@@ -436,6 +435,12 @@ export interface InvalidSignature extends Failure {
   readonly delegation: Delegation
 }
 
+export interface SessionEscalation extends Failure {
+  readonly name: 'SessionEscalation'
+  readonly delegation: Delegation
+  readonly cause: Failure
+}
+
 /**
  * Error produces by invalid proof
  */
@@ -444,6 +449,7 @@ export type InvalidProof =
   | NotValidBefore
   | InvalidSignature
   | InvalidAudience
+  | SessionEscalation
   | DIDKeyResolutionError
   | UnavailableProof
 

diff --git a/packages/interface/src/lib.ts b/packages/interface/src/lib.ts
@@ -107,7 +107,7 @@ export interface DelegationOptions<C extends Capabilities> extends UCANOptions {
    * the `audience` {@link Principal}.
    *
    */
-  issuer: Signer
+  issuer: UCAN.Signer
 
   /**
    * The `audience` for a {@link Delegation} is the party being delegated to, or the
@@ -224,7 +224,7 @@ export interface Invocation<C extends Capability = Capability>
 export interface InvocationOptions<C extends Capability = Capability>
   extends UCANOptions {
   /** The `issuer` of an invocation is the "caller" of the RPC method and the party that signs the invocation UCAN token. */
-  issuer: Signer
+  issuer: UCAN.Signer
 
   /** The {@link Capability} that is being invoked. */
   capability: C

diff --git a/packages/principal/package.json b/packages/principal/package.json
@@ -56,6 +56,9 @@
       ],
       "rsa": [
         "dist/src/rsa.d.ts"
+      ],
+      "account": [
+        "dist/src/account.d.ts"
       ]
     }
   },
@@ -71,6 +74,10 @@
     "./rsa": {
       "types": "./dist/src/rsa.d.ts",
       "import": "./src/rsa.js"
+    },
+    "./account": {
+      "types": "./dist/src/account.d.ts",
+      "import": "./src/account.js"
     }
   },
   "c8": {

diff --git a/packages/principal/src/account.js b/packages/principal/src/account.js
@@ -0,0 +1,41 @@
+import * as Signature from '@ipld/dag-ucan/signature'
+import * as UCAN from '@ipld/dag-ucan'
+
+/**
+ * @template {UCAN.DID} ID
+ * @param {{id: ID }} id
+ * @returns {UCAN.Signer<ID, Signature.NON_STANDARD>}
+ */
+export const from = ({ id }) => new Account(id)
+
+/**
+ * An account is a special type of signer that produces empty signature, which
+ * signals that verifier needs to verify authorization interactively.
+ *
+ * @template {UCAN.DID} ID
+ * @implements {UCAN.Signer<ID, Signature.NON_STANDARD>}
+ */
+class Account {
+  /**
+   * @param {ID} id
+   */
+  constructor(id) {
+    this.id = id
+  }
+  did() {
+    return this.id
+  }
+  /* c8 ignore next 3 */
+  get signatureCode() {
+    return Signature.NON_STANDARD
+  }
+  get signatureAlgorithm() {
+    return ''
+  }
+  sign() {
+    return Signature.createNonStandard(
+      this.signatureAlgorithm,
+      new Uint8Array(0)
+    )
+  }
+}
diff --git a/packages/principal/src/ed25519/signer.js b/packages/principal/src/ed25519/signer.js
@@ -65,7 +65,6 @@ export const from = ({ id, keys }) => {
   throw new TypeError(`Unsupported archive format`)
 }
 
-from
 /**
  * @template {API.SignerImporter} O
  * @param {O} other

diff --git a/packages/principal/src/lib.js b/packages/principal/src/lib.js
@@ -1,7 +1,8 @@
 import * as ed25519 from './ed25519.js'
 import * as RSA from './rsa.js'
+import * as Account from './account.js'
 
 export const Verifier = ed25519.Verifier.or(RSA.Verifier)
 export const Signer = ed25519.or(RSA)
 
-export { ed25519, RSA }
+export { ed25519, RSA, Account }
diff --git a/packages/principal/test/account.spec.js b/packages/principal/test/account.spec.js
@@ -0,0 +1,17 @@
+import { Account } from '../src/lib.js'
+import { assert } from 'chai'
+
+export const utf8 = new TextEncoder()
+describe('Account', async () => {
+  it('it can sign', async () => {
+    const account = Account.from({ id: 'did:mailto:[email protected]' })
+    assert.deepEqual(account.did(), 'did:mailto:[email protected]')
+    assert.deepEqual(account.signatureAlgorithm, '')
+    assert.deepEqual(account.signatureCode, 0xd000)
+
+    const signature = await account.sign(utf8.encode('hello world'))
+    assert.deepEqual(signature.code, 0xd000)
+    assert.deepEqual(signature.algorithm, '')
+    assert.deepEqual(signature.raw, new Uint8Array())
+  })
+})
diff --git a/packages/server/test/fixtures.js b/packages/server/test/fixtures.js
@@ -1,6 +1,6 @@
 import * as ed25519 from '@ucanto/principal/ed25519'
 
-/** did:key:z6Mkqa4oY9Z5Pf5tUcjLHLUsDjKwMC95HGXdE1j22jkbhz6r */
+/** did:key:z6Mkk89bC3JrVqKie71YEcc5M1SMVxuCgNx6zLZ8SYJsxALi */
 export const alice = ed25519.parse(
   'MgCZT5vOnYZoVAeyjnzuJIVY9J4LNtJ+f8Js0cTPuKUpFne0BVEDJjEu6quFIU8yp91/TY/+MYK8GvlKoTDnqOCovCVM='
 )

diff --git a/packages/transport/test/fixtures.js b/packages/transport/test/fixtures.js
@@ -1,6 +1,6 @@
 import * as ed25519 from '@ucanto/principal/ed25519'
 
-/** did:key:z6Mkqa4oY9Z5Pf5tUcjLHLUsDjKwMC95HGXdE1j22jkbhz6r */
+/** did:key:z6Mkk89bC3JrVqKie71YEcc5M1SMVxuCgNx6zLZ8SYJsxALi */
 export const alice = ed25519.parse(
   'MgCZT5vOnYZoVAeyjnzuJIVY9J4LNtJ+f8Js0cTPuKUpFne0BVEDJjEu6quFIU8yp91/TY/+MYK8GvlKoTDnqOCovCVM='
 )

diff --git a/packages/validator/src/error.js b/packages/validator/src/error.js
@@ -79,6 +79,30 @@ export class DelegationError extends Failure {
   }
 }
 
+/**
+ * @implements {API.SessionEscalation}
+ */
+export class SessionEscalation extends Failure {
+  /**
+   * @param {object} source
+   * @param {API.Delegation} source.delegation
+   * @param {API.Failure} source.cause
+   */
+  constructor({ delegation, cause }) {
+    super()
+    this.name = the('SessionEscalation')
+    this.delegation = delegation
+    this.cause = cause
+  }
+  describe() {
+    const issuer = this.delegation.issuer.did()
+    return [
+      `Delegation ${this.delegation.cid} issued by ${issuer} has an invalid session`,
+      li(this.cause.message),
+    ].join('\n')
+  }
+}
+
 /**
  * @implements {API.InvalidSignature}
  */
@@ -145,7 +169,7 @@ export class UnavailableProof extends Failure {
 export class DIDKeyResolutionError extends Failure {
   /**
    * @param {API.UCAN.DID} did
-   * @param {API.Unauthorized} [cause]
+   * @param {API.Failure} [cause]
    */
   constructor(did, cause) {
     super()
@@ -154,10 +178,7 @@ export class DIDKeyResolutionError extends Failure {
     this.cause = cause
   }
   describe() {
-    return [
-      `Unable to resolve '${this.did}' key`,
-      ...(this.cause ? [li(`Resolution failed: ${this.cause.message}`)] : []),
-    ].join('\n')
+    return `Unable to resolve '${this.did}' key`
   }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -65,7 +65,6 @@ export const from = ({ id, keys }) => { @@
       throw new TypeError(`Unsupported archive format`)
     }
-    from
     /**
      * @template {API.SignerImporter} O
      * @param {O} other
@@ Expand Down @@