store signature as raw bytes, not base32

2025-04-13 22:03:04 +00:00 · 2023-02-21 14:19:44 -07:00 · 2023-02-21 14:19:44 -07:00 · 82045b4298
commit 82045b4298
parent 1b6d5e1bda
3 changed files with 15 additions and 8 deletions
--- a/src/allmydata/cli/grid_manager.py
+++ b/src/allmydata/cli/grid_manager.py
@ -196,7 +196,7 @@ def sign(ctx, name, expiry_days):
            "No storage-server called '{}' exists".format(name)
        )

-    certificate_data = json.dumps(certificate.asdict(), indent=4)
+    certificate_data = json.dumps(certificate.marshal(), indent=4)
    click.echo(certificate_data)
    if fp is not None:
        next_serial = 0
--- a/src/allmydata/grid_manager.py
+++ b/src/allmydata/grid_manager.py
@ -39,7 +39,8 @@ class SignedCertificate(object):
    # A JSON-encoded, UTF-8-encoded certificate.
    certificate : bytes

-    # The signature in base32.
+    # The signature (although the signature is in base32 in "public",
+    # this contains the decoded raw bytes -- not base32)
    signature : bytes

    @classmethod
@ -47,11 +48,17 @@ class SignedCertificate(object):
        data = json.load(file_like)
        return cls(
            certificate=data["certificate"].encode("utf-8"),
-            signature=data["signature"].encode("ascii")
+            signature=base32.a2b(data["signature"].encode("ascii")),
        )

-    def asdict(self):
-        return asdict(self)
+    def marshal(self):
+        """
+        :return dict: a json-able dict
+        """
+        return dict(
+            certificate=self.certificate,
+            signature=base32.b2a(self.signature),
+        )


@frozen
@ -261,7 +268,7 @@ class _GridManager(object):
        sig = ed25519.sign_data(self._private_key, cert_data)
        certificate = SignedCertificate(
            certificate=cert_data,
-            signature=base32.b2a(sig),
+            signature=sig,
        )
        vk = ed25519.verifying_key_from_signing_key(self._private_key)
        ed25519.verify_signature(vk, sig, cert_data)
@ -388,7 +395,7 @@ def validate_grid_manager_certificate(gm_key, alleged_cert):
    try:
        ed25519.verify_signature(
            gm_key,
-            base32.a2b(alleged_cert.signature),
+            alleged_cert.signature,
            alleged_cert.certificate,
        )
    except ed25519.BadSignature:
--- a/src/allmydata/test/test_grid_manager.py
+++ b/src/allmydata/test/test_grid_manager.py
@ -175,7 +175,7 @@ class GridManagerVerifier(SyncTestCase):
        self.assertEqual(
            ed25519.verify_signature(
                gm_key,
-                base32.a2b(cert0.signature),
+                cert0.signature,
                cert0.certificate,
            ),
            None