chore: add tests for eip55 cacaos #636

Open
wants to merge 4 commits into
base: main
Changes from 3 commits
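--- a/event/src/unvalidated/signed/mod.rs
+++ b/event/src/unvalidated/signed/mod.rs
@@ -12,7 +12,7 @@ use serde::{Deserialize, Serialize};
 
 use ceramic_car::sync::{CarHeader, CarWriter};
 use ceramic_core::{signer::Signer, DidDocument, Jwk, SerializeExt};
-use ssi::jwk::Algorithm;
+use ssi::{jwk::Algorithm, jws::Header};
 
 use crate::{bytes::Bytes, unvalidated::Payload};
 
@@ -211,20 +211,12 @@ impl Envelope {
 
 /// Construct the jws header from the signature protected bytes
 pub fn jws_header(&self) -> Result<ssi::jws::Header, anyhow::Error> {
-let (protected, _signature) = match self.signatures.first() {
-Some(sig) => (
-sig.protected
-.as_ref()
-.ok_or_else(|| anyhow::anyhow!("Missing protected field"))?
-.as_slice(),
-sig.signature.as_ref(),
-),
+match self.signatures.first() {
+Some(sig) => sig.jws_header(),
 None => {
 anyhow::bail!("signature is missing")
 }
-};
-let header: ssi::jws::Header = serde_json::from_slice(protected)?;
-Ok(header)
+}
 }
 }
 
@@ -253,6 +245,16 @@ impl Signature {
 pub fn signature(&self) -> &Bytes {
 &self.signature
 }
+
+/// Get the protected data as a JWS header
+pub fn jws_header(&self) -> anyhow::Result<Header> {
+let protected = self
+.protected
+.as_ref()
+.ok_or_else(|| anyhow::anyhow!("Missing protected field"))?
+.as_slice();
+Ok(serde_json::from_slice(protected)?)
+}
 }
 
 #[derive(Debug, Serialize, Deserialize)]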
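Review bot: `Signature::jws_header` (third hunk) decodes the `protected` bytes of an envelope that lives in the `unvalidated` module, and its doc comment does not say that the result is unverified input. I would add `/// The header is decoded from unverified bytes; do not rely on its fields until the signature has been checked.` and an `# Errors` section naming the two failure cases visible in the body: a missing `protected` field, and bytes that do not deserialize as a header. As a style point, `Envelope::jws_header` in the second hunk could use the newly imported `Header` in its return type, `pub fn jws_header(&self) -> anyhow::Result<Header> {`, so both signatures match.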
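--- a/validation/src/signature/pkh_ethereum.rs
+++ b/validation/src/signature/pkh_ethereum.rs
@@ -23,12 +23,8 @@ static LEGACY_CHAIN_ID_REORG_DATE: Lazy<chrono::DateTime<Utc>> = Lazy::new(|| {
 pub struct PkhEthereum {}
 
 impl PkhEthereum {
-/// Verify a cacao generated using SIWE (did:pkh:eip155 with eip4361 capability)
+/// Verify a cacao generated using SIWE (did:pkh:eip155 with eip4361 capability and eip191 signature type)
 pub fn verify(cacao: &Capability) -> anyhow::Result<()> {
-Self::verify_eip191_signature(cacao)
-}
-
-fn verify_eip191_signature(cacao: &Capability) -> anyhow::Result<()> {
 let issuer = BlockchainAccountId::from_str(&cacao.payload.issuer.replace("did:pkh:", ""))?
 .account_address
 .to_lowercase();
@@ -58,7 +54,7 @@ impl PkhEthereum {
 .unwrap_or_default();
 }
 if recovered != issuer {
-anyhow::bail!("Signature does not belong to the issuer");
+anyhow::bail!("Signature by {recovered} does not belong to the issuer {issuer}");
 }
 Ok(())
 }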
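Review bot: The new `bail!` message in the second hunk interpolates `recovered` and `issuer` with `{}`, and the `.unwrap_or_default()` on the context line just above suggests a failed recovery may leave `recovered` empty. In that case the message would read "Signature by  does not belong to the issuer …" and hide the real cause. `issuer` is derived from the cacao payload, so if this text is logged or returned to clients, Debug formatting keeps an empty or unusual value visible and escaped: `anyhow::bail!("Signature by {recovered:?} does not belong to the issuer {issuer:?}");`. The part of `verify` between the two hunks is outside the diff, so the recovery path is inferred from the visible context only.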
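--- a/validation/src/verifier/cacao_verifier.rs
+++ b/validation/src/verifier/cacao_verifier.rs
@@ -5,7 +5,7 @@ use ceramic_event::unvalidated::signed::cacao::{Capability, HeaderType, Signatur
 use ssi::did_resolve::ResolutionInputMetadata;
 
 use super::{
-jws::{verify_jws, SortedJwsMetadata, VerifyJwsInput},
+jws::{jws_digest, verify_jws, SortedJwsMetadata, VerifyJwsInput},
 opts::VerifyCacaoOpts,
 };
 
@@ -73,8 +73,7 @@ impl Verifier for Capability {
 .map_err(|e| anyhow::anyhow!("invalid signature: {}", e))?;
 verify_jws(VerifyJwsInput {
 jwk: &jwk,
-header: header.as_slice(),
-payload: payload.as_slice(),
+jws_digest: &jws_digest(header.as_slice(), payload.as_slice()),
 alg: self.signature.r#type.algorithm(),
 signature: &sig,
 })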
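Review bot: With `jws_digest` now computed at the call site in the second hunk, `verify_jws` no longer receives the header and payload bytes. The binding between what was signed and what is checked therefore depends on every caller building the digest from the right inputs. `jws_digest` and `VerifyJwsInput` are defined outside this diff, so this is inferred from the call shape; a doc comment on the field would make the contract explicit, e.g. `/// Digest of the JWS signing input for exactly the header and payload being verified`. The enclosing method starts and ends outside the hunk, so a short comment here on where `header` and `payload` originate would also help a reader confirm they are the signed bytes.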