chore: add tests for eip55 cacaos

event/src/unvalidated/signed/mod.rs

@@ -12,7 +12,7 @@ use serde::{Deserialize, Serialize};
 
 use ceramic_car::sync::{CarHeader, CarWriter};
 use ceramic_core::{signer::Signer, DidDocument, Jwk, SerializeExt};
-use ssi::jwk::Algorithm;
+use ssi::{jwk::Algorithm, jws::Header};
 
 use crate::{bytes::Bytes, unvalidated::Payload};
 
@@ -211,20 +211,12 @@ impl Envelope {
 
     /// Construct the jws header from the signature protected bytes
     pub fn jws_header(&self) -> Result<ssi::jws::Header, anyhow::Error> {
-        let (protected, _signature) = match self.signatures.first() {
-            Some(sig) => (
-                sig.protected
-                    .as_ref()
-                    .ok_or_else(|| anyhow::anyhow!("Missing protected field"))?
-                    .as_slice(),
-                sig.signature.as_ref(),
-            ),
+        match self.signatures.first() {
+            Some(sig) => sig.jws_header(),
             None => {
                 anyhow::bail!("signature is missing")
             }
-        };
-        let header: ssi::jws::Header = serde_json::from_slice(protected)?;
-        Ok(header)
+        }
     }
 }
 
@@ -253,6 +245,16 @@ impl Signature {
     pub fn signature(&self) -> &Bytes {
         &self.signature
     }
+
+    /// Get the protected data as a JWS header
+    pub fn jws_header(&self) -> anyhow::Result<Header> {
+        let protected = self
+            .protected
+            .as_ref()
+            .ok_or_else(|| anyhow::anyhow!("Missing protected field"))?
+            .as_slice();
+        Ok(serde_json::from_slice(protected)?)
+    }
 }
 
 #[derive(Debug, Serialize, Deserialize)]

validation/src/signature/pkh_ethereum.rs

@@ -23,12 +23,8 @@ static LEGACY_CHAIN_ID_REORG_DATE: Lazy<chrono::DateTime<Utc>> = Lazy::new(|| {
 pub struct PkhEthereum {}
 
 impl PkhEthereum {
-    /// Verify a cacao generated using SIWE (did:pkh:eip155 with eip4361 capability)
+    /// Verify a cacao generated using SIWE (did:pkh:eip155 with eip4361 capability and eip191 signature type)
     pub fn verify(cacao: &Capability) -> anyhow::Result<()> {
-        Self::verify_eip191_signature(cacao)
-    }
-
-    fn verify_eip191_signature(cacao: &Capability) -> anyhow::Result<()> {
         let issuer = BlockchainAccountId::from_str(&cacao.payload.issuer.replace("did:pkh:", ""))?
             .account_address
             .to_lowercase();
@@ -58,7 +54,7 @@ impl PkhEthereum {
             .unwrap_or_default();
         }
         if recovered != issuer {
-            anyhow::bail!("Signature does not belong to the issuer");
+            anyhow::bail!("Signature by {recovered} does not belong to the issuer {issuer}");
         }
         Ok(())
     }

validation/src/verifier/cacao_verifier.rs

@@ -5,7 +5,7 @@ use ceramic_event::unvalidated::signed::cacao::{Capability, HeaderType, Signatur
 use ssi::did_resolve::ResolutionInputMetadata;
 
 use super::{
-    jws::{verify_jws, SortedJwsMetadata, VerifyJwsInput},
+    jws::{jws_digest, verify_jws, SortedJwsMetadata, VerifyJwsInput},
     opts::VerifyCacaoOpts,
 };
 
@@ -73,8 +73,7 @@ impl Verifier for Capability {
                         .map_err(|e| anyhow::anyhow!("invalid signature: {}", e))?;
                     verify_jws(VerifyJwsInput {
                         jwk: &jwk,
-                        header: header.as_slice(),
-                        payload: payload.as_slice(),
+                        jws_digest: &jws_digest(header.as_slice(), payload.as_slice()),
                         alg: self.signature.r#type.algorithm(),
                         signature: &sig,
                     })