From 871644309444a77555af0c7f70ce7314ccfd940c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20N=C3=BA=C3=B1ez?= <david@nucypher.com>
Date: Thu, 21 Mar 2019 12:39:41 +0100
Subject: [PATCH] Don't sign task.signature, as it's already part of cfrag's
 metadata

---
 nucypher/network/server.py | 4 +++-
 nucypher/policy/models.py  | 9 +++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/nucypher/network/server.py b/nucypher/network/server.py
index 84897bce6..5ba2ad5ff 100644
--- a/nucypher/network/server.py
+++ b/nucypher/network/server.py
@@ -334,7 +334,9 @@ def make_rest_app(
             capsule.set_correctness_keys(verifying=alices_verifying_key)
             cfrag = pre.reencrypt(kfrag, capsule, metadata=reencryption_metadata)
             log.info(f"Re-encrypting for {capsule}, made {cfrag}.")
-            reencryption_signature = stamp(bytes(task.signature) + bytes(cfrag))
+
+            # Finally, Ursula commits to her result
+            reencryption_signature = stamp(bytes(cfrag))
             cfrag_byte_stream += VariableLengthBytestring(cfrag) + reencryption_signature
 
         # TODO: Put this in Ursula's datastore
diff --git a/nucypher/policy/models.py b/nucypher/policy/models.py
index f116f7951..3626bf133 100644
--- a/nucypher/policy/models.py
+++ b/nucypher/policy/models.py
@@ -679,14 +679,15 @@ class WorkOrder:
             metadata_input = bytes(task.signature)
             metadata_as_signature = Signature.from_bytes(cfrag.proof.metadata)
             if not metadata_as_signature.verify(metadata_input, ursula_verifying_key):
-                raise InvalidSignature("Invalid metadata for {}.".format(cfrag))
+                raise InvalidSignature(f"Invalid metadata for {cfrag}.")
+                # TODO: Instead of raising, we should do something
 
             # Validate re-encryption signatures
-            if reencryption_signature.verify(bytes(task.signature) + bytes(cfrag),
-                                             ursula_verifying_key):
+            if reencryption_signature.verify(bytes(cfrag), ursula_verifying_key):
                 good_cfrags.append(cfrag)
             else:
-                raise InvalidSignature("{} is not properly signed by Ursula.".format(cfrag))
+                raise InvalidSignature(f"{cfrag} is not properly signed by Ursula.")
+                # TODO: Instead of raising, we should do something
 
         for task, (cfrag, reencryption_signature) in zip(self.tasks, cfrags_and_signatures):
             task.attach_work_result(cfrag, reencryption_signature)