missed policybinding

sdk/src/main/java/io/opentdf/platform/sdk/HexString.java

@@ -9,9 +9,5 @@ public HexString(byte[] value) {
         this.value = value;
     }
 
-    String hexValue() {
-        return Hex.encodeHexString(value);
-    }
-
     byte[] byteValue() { return value; }
 }

sdk/src/main/java/io/opentdf/platform/sdk/TDF.java

@@ -276,10 +276,10 @@ private void prepareManifest(Config.TDFConfig tdfConfig, SDK.KAS kas) {
                 var hexBinding = new HexString(CryptoUtils.CalculateSHA256Hmac(symKey, base64PolicyObject.getBytes(StandardCharsets.UTF_8)));
                 var policyBinding = new Manifest.PolicyBinding();
                 policyBinding.alg = kHmacIntegrityAlgorithm;
-                policyBinding.hash = encoder.encodeToString(hexBinding.hexValue().getBytes(StandardCharsets.UTF_8));
+                policyBinding.hash = encoder.encodeToString(hexBinding.byteValue());
 
                 // Add meta data
-                var encryptedMetadata = new String();
+                var encryptedMetadata = "";
                 if (tdfConfig.metaData != null && !tdfConfig.metaData.trim().isEmpty()) {
                     AesGcm aesGcm = new AesGcm(symKey);
                     var encrypted = aesGcm.encrypt(tdfConfig.metaData.getBytes(StandardCharsets.UTF_8));
@@ -388,7 +388,8 @@ public void readPayload(OutputStream outputStream) throws TDFReadFailed,
 
                 } else {
                     var segmentSig = new HexString(digest.digest(readBuf));
-                    if (segment.hash.compareTo(segmentSig.hexValue()) != 0) {
+                    byte[] hash = Base64.getDecoder().decode(segment.hash);
+                    if (!Arrays.equals(hash, segmentSig.byteValue())) {
                         throw new SegmentSignatureMismatch("segment signature miss match");
                     }