fix: 943 certificate.ts verify explicits encoding chain from JSON/str…

[lucanicoladebiasi]

Description

The code at packages/core/src/certificate/certificate.ts

• introduces the match method to verify if any binary encoded certificate matches with signer's address and signature,
• modifies the verify method to use match, this method explicits the transformation from certificate trough its JSON/string to its binary encoding used to compute the hash to match signer's address with signature.
  representation
• the

Fixes # 943

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

• yarn test:solo

Test Configuration:

• Node.js Version: v20.14.0
• Yarn Version: 1.22.22

Checklist:

• My code follows the coding standards of this project
• I have performed a self-review of my code
• I have commented on my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• New and existing integration tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules
• I have not added any vulnerable dependencies to my code

[github-actions]

Test Coverage

Summary

Lines	Statements	Branches	Functions
	100% (3412/3412)	100% (794/794)	100% (705/705)

Title	Tests	Skipped	Failures	Errors	Time
core	498	0 💤	0 ❌	0 🔥	1m 6s ⏱️
network	658	0 💤	0 ❌	0 🔥	3m 55s ⏱️
errors	48	0 💤	0 ❌	0 🔥	10.553s ⏱️

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/code-frame@7.24.7	Transitive: environment	+9	85.1 kB
npm/@babel/core@7.24.7	None	+20	429 kB
npm/@babel/generator@7.24.7	None	+1	32 kB
npm/@babel/helper-plugin-utils@7.24.7	None	0	0 B
npm/@babel/parser@7.24.7	None	0	0 B
npm/@babel/runtime@7.24.7	None	+1	27.9 kB
npm/@babel/template@7.24.7	None	0	0 B
npm/@babel/types@7.24.7	None	+3	3.5 kB
npm/@nomicfoundation/hardhat-chai-matchers@2.0.7	None	+3	335 kB	kanej
npm/@nomicfoundation/hardhat-network-helpers@1.0.11	None	+1	423 kB	kanej
npm/@nomicfoundation/hardhat-verify@2.0.8	environment	+7	944 kB	kanej
npm/@types/node@20.14.2	None	+1	73.1 kB
npm/@vechain/sdk-core@1.0.0-beta.15	Transitive: network	+24	23.1 MB
npm/@vechain/sdk-ethers-adapter@1.0.0-beta.15	None	0	0 B
npm/@vechain/sdk-network@1.0.0-beta.15	Transitive: environment, filesystem, network	+13	3.64 MB
npm/caniuse-lite@1.0.30001628	None	0	0 B
npm/deep-eql@4.1.4	None	0	0 B
npm/prettier@3.3.1	None	0	0 B
npm/tailwindcss@3.4.4	Transitive: environment, filesystem, network, shell, unsafe	+33	2.6 MB
npm/turbo@1.13.4	None	+6	107 MB	turbobot

🚮 Removed packages: npm/@babel/code-frame@7.24.6, npm/@babel/core@7.24.6, npm/@babel/generator@7.24.6, npm/@babel/helper-plugin-utils@7.24.6, npm/@babel/parser@7.24.6, npm/@babel/runtime@7.24.6, npm/@babel/template@7.24.6, npm/@babel/types@7.24.6, npm/@eslint-community/regexpp@4.10.0, npm/@nomicfoundation/hardhat-chai-matchers@2.0.6, npm/@nomicfoundation/hardhat-network-helpers@1.0.10, npm/@nomicfoundation/hardhat-verify@2.0.7, npm/@types/node@20.12.13, npm/@types/node@20.14.1, npm/deep-eql@4.1.3, npm/hardhat@2.22.4, npm/prettier@3.2.5, npm/tailwindcss@3.4.3, npm/tsup@8.0.2, npm/turbo@1.13.3

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note
High entropy strings	npm/jiti@1.21.0	Location: Package overview
High entropy strings	npm/jiti@1.21.0	Location: Package overview
High entropy strings	npm/prettier@3.2.5	Location: Package overview

View full report↗︎

Next steps

What are high entropy strings?

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Please inspect these strings to check if these strings are benign. Maintainers should clarify the purpose and existence of high entropy strings if there is a legitimate purpose.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/jiti@1.21.0
• @SocketSecurity ignore npm/prettier@3.2.5

[rodolfopietro97]

@SocketSecurity ignore npm/jiti@1.21.0 npm/prettier@3.2.5