From 1e355dc14a21d32b5aa1f1af8f74f3165f74d483 Mon Sep 17 00:00:00 2001
From: jgough
Date: Thu, 7 Dec 2023 10:32:26 +0000
Subject: [PATCH] Ensure we pass in and out cbor instead of base64 AB#8867
---
 scitt/create_signed_statement.py | 13 +++++--------
 scitt/verify_receipt_signature.py | 22 ++++++++++------------
 2 files changed, 15 insertions(+), 20 deletions(-)
diff --git a/scitt/create_signed_statement.py b/scitt/create_signed_statement.py
index c8db93b..e742582 100755
--- a/scitt/create_signed_statement.py
+++ b/scitt/create_signed_statement.py
@@ -4,7 +4,6 @@ import json
 import argparse
-from base64 import b64encode
 from typing import Optional
 from pycose.messages import Sign1Message
@@ -52,6 +51,7 @@ def open_payload(payload_file: str) -> str:
 """
 opens the payload from the payload file.
 NOTE: the payload is expected to be in json format.
+ however, any payload of type bytes is allowed.
 """
 with open(payload_file, encoding="UTF-8") as file:
 payload = json.loads(file.read())
@@ -124,10 +124,7 @@ def create_signed_statement(
 # NOTE: the encode() function performs the signing automatically
 signed_statement = statement.encode([None])
- # base64 encode the signed statement
- signed_statement_b64 = b64encode(signed_statement)
-
- return signed_statement_b64
+ return signed_statement
 def main():
@@ -179,7 +176,7 @@ def main():
 "--output-file",
 type=str,
 help="name of the output file to store the signed statement.",
- default="signed-statement.txt",
+ default="signed-statement.cbor",
 )
 args = parser.parse_args()
@@ -195,8 +192,8 @@ def main():
 args.content_type,
 )
- with open(args.output_file, "w", encoding="UTF-8") as output_file:
- output_file.write(signed_statement.decode("utf-8"))
+ with open(args.output_file, "wb") as output_file:
+ output_file.write(signed_statement)
 if __name__ == "__main__":
diff --git a/scitt/verify_receipt_signature.py b/scitt/verify_receipt_signature.py
index f7f7c83..9111d91 100644
--- a/scitt/verify_receipt_signature.py
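Review bot: The sentence added to the open_payload docstring in scitt/create_signed_statement.py, `however, any payload of type bytes is allowed.`, contradicts the code directly below it. The file is still opened in text mode with `encoding="UTF-8"` and passed to `json.loads`, so a payload file that is not UTF-8 JSON raises here rather than being accepted, and the annotation still reads `-> str`. If arbitrary bytes are meant to be accepted only further along, by the signing step, the docstring should say that this helper does not do so, for example `NOTE: the payload file must contain UTF-8 encoded json.`. The function body continues outside the hunk, so what is returned after `json.loads` is not visible here.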
+++ b/scitt/verify_receipt_signature.py
@@ -1,7 +1,6 @@
 """ Module for verifying the counter signed receipt signature """
 import re
-from base64 import b64decode
 import argparse
 import requests
@@ -19,12 +18,12 @@ HEADER_LABEL_DID = 391
-def open_receipt(receipt_file: str) -> str:
+def open_receipt(receipt_file: str) -> bytes:
 """
 opens the receipt from the receipt file.
- NOTE: the receipt is expected to be in base64 encoding.
+ NOTE: the receipt is expected to be in cbor encoding.
 """
- with open(receipt_file, encoding="UTF-8") as file:
+ with open(receipt_file, "rb") as file:
 receipt = file.read()
 return receipt
@@ -92,16 +91,13 @@ def get_didweb_pubkey(didurl: str, kid: bytes) -> dict:
 raise ValueError(f"no key with kid: {kid} in verification methods of did document")
-def verify_receipt(receipt: str) -> bool:
+def verify_receipt(receipt: bytes) -> bool:
 """
 verifies the counter signed receipt signature
 """
- # base64 decode the receipt into a cose sign1 message
- b64decoded_message = b64decode(receipt)
-
 # decode the cbor encoded cose sign1 message
- message = Sign1Message.decode(b64decoded_message)
+ message = Sign1Message.decode(receipt)
 # get the verification key from didweb
 kid: bytes = message.phdr[KID]
@@ -121,14 +117,16 @@ def verify_receipt(receipt: str) -> bool:
 def main():
 """Verifies a counter signed receipt signature"""
- parser = argparse.ArgumentParser(description="Create a signed statement.")
+ parser = argparse.ArgumentParser(
+ description="Verify a counter signed receipt signature."
+ )
 # signing key file
 parser.add_argument(
 "--receipt-file",
 type=str,
- help="filepath to the stored receipt, in base64 format.",
- default="scitt-receipt.txt",
+ help="filepath to the stored receipt, in cbor format.",
+ default="scitt-receipt.cbor",
 )
 args = parser.parse_args()
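Review bot: In verify_receipt the key id used to select the verification key is read from the receipt's own protected header (`kid: bytes = message.phdr[KID]`) and the key is then resolved through did:web. A `True` result therefore shows only that the receipt was signed by the key its header names, not that it was issued by the service the caller expects. The rest of the function is outside the hunk, so where the DID URL passed to get_didweb_pubkey comes from is not visible; if it is also taken from the receipt (the module defines `HEADER_LABEL_DID = 391`), the docstring should say so, e.g. `NOTE: this does not check that the issuer DID is one the caller trusts; compare it with the expected issuer first.`. Separately, `Sign1Message.decode(receipt)` now runs on the raw file bytes, so a receipt saved by the earlier base64 version will presumably fail inside the decoder rather than with a message naming the format change.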
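Review bot: The comment `# signing key file` left above the `--receipt-file` argument in main() is a copy-paste leftover of the same kind as the parser description this hunk corrects, and it now sits between two corrected strings. It should read `# receipt file`. main() continues outside the hunk.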