Hashes revocation review: base64-encode instead of serde roundtrip.

Amanjeev Sethi · Amanjeev Sethi · commit 7733b97be503 · 2024-05-22T11:51:43.000-04:00
Reviewed-by: Pietro Albini <pietro.albini@ferrous-systems.com> Ticket: https://ferroussystems.clickup.com/t/86947z6fp
diff --git a/crates/criticaltrust/src/errors.rs b/crates/criticaltrust/src/errors.rs
@@ -38,6 +38,4 @@ pub enum Error {
             aws_smithy_runtime_api::client::orchestrator::HttpResponse,
         >,
     ),
-    #[error("failed verification while converting signature to string")]
-    SignatureConversionFailure,
 }
diff --git a/crates/criticaltrust/src/keys/public.rs b/crates/criticaltrust/src/keys/public.rs
@@ -5,6 +5,7 @@ use crate::manifests::RevocationInfo;
 use crate::sha256::hash_sha256;
 use crate::signatures::{PublicKeysRepository, Signable, SignedPayload};
 use crate::Error;
+use base64::Engine;
 use serde::{Deserialize, Serialize};
 use time::OffsetDateTime;
 
@@ -51,13 +52,11 @@ impl PublicKey {
                 return Err(Error::VerificationFailed);
             }
 
-            let signature_as_string = match serde_json::to_string(signature) {
-                Ok(sig) => sig,
-                Err(_) => return Err(Error::SignatureConversionFailure),
-            };
+            let based_signature =
+                base64::engine::general_purpose::STANDARD.encode(signature.as_bytes());
             if verified_revoked_content
                 .revoked_content_sha256
-                .contains(&signature_as_string)
+                .contains(&based_signature)
             {
                 return Err(Error::VerificationFailed);
             }

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,4 @@ pub enum Error {`
`38`	`38`	`aws_smithy_runtime_api::client::orchestrator::HttpResponse,`
`39`	`39`	`>,`
`40`	`40`	`),`
`41`		`- #[error("failed verification while converting signature to string")]`
`42`		`- SignatureConversionFailure,`
`43`	`41`	`}`