Use SHA256 instead of SHA1 for resource signature

SHA1 is not safe for signature, use sha256 instead. Closes-Bug: #1447904 Change-Id: I093464d9c1e30d317de75a4ac3d1d51f1c110114
2015-04-23 13:44:03 +08:00 · 2015-04-23 13:44:03 +08:00 · dc9c3945fe
parent 8a3aac038b
commit dc9c3945fe
2 changed files with 6 additions and 4 deletions
--- a/heat/engine/resources/stack_resource.py
+++ b/heat/engine/resources/stack_resource.py
@ -506,8 +506,8 @@ class StackResource(resource.Resource):
    def implementation_signature(self):
        schema_names = ([prop for prop in self.properties_schema] +
                        [at for at in self.attributes_schema])
-        schema_hash = hashlib.sha1(';'.join(schema_names))
+        schema_hash = hashlib.sha256(';'.join(schema_names))
        definition = {'template': self.child_template(),
                      'files': self.stack.t.files}
-        definition_hash = hashlib.sha1(jsonutils.dumps(definition))
+        definition_hash = hashlib.sha256(jsonutils.dumps(definition))
        return (schema_hash.hexdigest(), definition_hash.hexdigest())
--- a/heat/tests/test_stack_resource.py
+++ b/heat/tests/test_stack_resource.py
@ -201,8 +201,10 @@ class StackResourceTest(common.HeatTestCase):
        self.parent_resource.child_template = mock.Mock(
            return_value=self.simple_template)
        sig1, sig2 = self.parent_resource.implementation_signature()
-        self.assertEqual('3700dc2ae6ff4f0a236e7477ad6b8d51157f2153', sig1)
-        self.assertEqual('70e69545e0c47123159974c9166741085eb46dba', sig2)
+        self.assertEqual('3ce48c5d860e8e76087897376bc686d23591d4a00'
+                         'e8df8ec25e84e6bd83e70a6', sig1)
+        self.assertEqual('5a58b34cc3dd7f4e11fa35b63daad7b6b3aaa1744'
+                         '19eb1c42b75d102bdda5fc9', sig2)
        self.parent_stack.t.files["foo"] = "bar"
        sig1a, sig2a = self.parent_resource.implementation_signature()
        self.assertEqual(sig1, sig1a)