From 82045b4298ea8eb4516b9e0639f6c856d21509f1 Mon Sep 17 00:00:00 2001
From: meejah
Date: Tue, 21 Feb 2023 14:19:44 -0700
Subject: [PATCH] store signature as raw bytes, not base32
---
 src/allmydata/cli/grid_manager.py | 2 +-
 src/allmydata/grid_manager.py | 19 +++++++++++++------
 src/allmydata/test/test_grid_manager.py | 2 +-
 3 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/src/allmydata/cli/grid_manager.py b/src/allmydata/cli/grid_manager.py
index 220f091cd..433e30434 100644
--- a/src/allmydata/cli/grid_manager.py
+++ b/src/allmydata/cli/grid_manager.py
@@ -196,7 +196,7 @@ def sign(ctx, name, expiry_days):
 "No storage-server called '{}' exists".format(name)
 )
- certificate_data = json.dumps(certificate.asdict(), indent=4)
+ certificate_data = json.dumps(certificate.marshal(), indent=4)
 click.echo(certificate_data)
 if fp is not None:
 next_serial = 0
diff --git a/src/allmydata/grid_manager.py b/src/allmydata/grid_manager.py
index 31c342ed6..a17a1fab5 100644
--- a/src/allmydata/grid_manager.py
+++ b/src/allmydata/grid_manager.py
@@ -39,7 +39,8 @@ class SignedCertificate(object):
 # A JSON-encoded, UTF-8-encoded certificate.
 certificate : bytes
- # The signature in base32.
+ # The signature (although the signature is in base32 in "public",
+ # this contains the decoded raw bytes -- not base32)
 signature : bytes
 @classmethod
@@ -47,11 +48,17 @@ class SignedCertificate(object):
 data = json.load(file_like)
 return cls(
 certificate=data["certificate"].encode("utf-8"),
- signature=data["signature"].encode("ascii")
+ signature=base32.a2b(data["signature"].encode("ascii")),
 )
- def asdict(self):
- return asdict(self)
+ def marshal(self):
+ """
+ :return dict: a json-able dict
+ """
+ return dict(
+ certificate=self.certificate,
+ signature=base32.b2a(self.signature),
+ )
 @frozen
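Review bot: In `src/allmydata/grid_manager.py` (`@@ -39` hunk), the new comment on `SignedCertificate.signature` is hard to parse, and the field stays typed `bytes` while its meaning changes from base32 text to raw bytes, so a stale caller cannot be told apart from a correct one. I would reword it to `# The raw signature bytes; base32 is used only in the serialized JSON form.` and consider rejecting values that are not 64 bytes long (the size of an Ed25519 signature) when the object is built. Any code outside this patch that still constructs `SignedCertificate` with a base32 value would presumably now be rejected in `validate_grid_manager_certificate` (the `@@ -388` hunk), so those call sites are worth a search. The class body starts and ends outside the hunk.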
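Review bot: In `src/allmydata/grid_manager.py` (`@@ -47` hunk), `load()` now runs `base32.a2b` on the `signature` field while parsing, so a certificate file with a malformed or non-ASCII signature fails at load time instead of being rejected as a bad signature during validation. What `a2b` raises on invalid input is not visible here, so callers that read certificates from disk or from a peer should be checked for handling it; wrapping the decode and re-raising one documented exception such as `ValueError("invalid certificate signature encoding")` would make that contract explicit. Separately, the `marshal()` docstring promises a json-able dict, but `certificate` is declared `bytes` and is returned undecoded, so the result only serializes if the `json` in scope accepts bytes. Returning `certificate=self.certificate.decode("utf-8")` would mirror the `.encode("utf-8")` in `load()`.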
@@ -261,7 +268,7 @@ class _GridManager(object):
 sig = ed25519.sign_data(self._private_key, cert_data)
 certificate = SignedCertificate(
 certificate=cert_data,
- signature=base32.b2a(sig),
+ signature=sig,
 )
 vk = ed25519.verifying_key_from_signing_key(self._private_key)
 ed25519.verify_signature(vk, sig, cert_data)
@@ -388,7 +395,7 @@ def validate_grid_manager_certificate(gm_key, alleged_cert):
 try:
 ed25519.verify_signature(
 gm_key,
- base32.a2b(alleged_cert.signature),
+ alleged_cert.signature,
 alleged_cert.certificate,
 )
 except ed25519.BadSignature:
diff --git a/src/allmydata/test/test_grid_manager.py b/src/allmydata/test/test_grid_manager.py
index c282d1237..95395f12e 100644
--- a/src/allmydata/test/test_grid_manager.py
+++ b/src/allmydata/test/test_grid_manager.py
@@ -175,7 +175,7 @@ class GridManagerVerifier(SyncTestCase):
 self.assertEqual(
 ed25519.verify_signature(
 gm_key,
- base32.a2b(cert0.signature),
+ cert0.signature,
 cert0.certificate,
 ),
 None
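Review bot: In `src/allmydata/test/test_grid_manager.py` (`@@ -175` hunk), the only test change is dropping `base32.a2b(...)` from the `verify_signature` call, so the new encode/decode pair in `SignedCertificate` is not exercised by this patch (the diffstat shows a single changed line in the test file). A round-trip test would pin the on-disk format: serialize a signed certificate with `marshal()`, feed it back through `SignedCertificate.load()`, then assert that `signature` equals the original raw bytes and that the `"signature"` value in the JSON is still base32. A second case with a non-base32 `signature` string would document how `load()` fails on malformed input. The test method starts outside the hunk.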