s3api: Simplify HashingInput signature

It's always called with sha256 and raises sha256-specific errors; we don't need to pretend to support arbitrary hashes. Change-Id: Icff79ded067084249080e3e6f555429261eb0af0
2025-02-19 16:54:32 -08:00
parent 8b6abfb85d
commit b49941c9b8
2 changed files with 10 additions and 16 deletions
--- a/swift/common/middleware/s3api/s3request.py
+++ b/swift/common/middleware/s3api/s3request.py
@@ -135,13 +135,13 @@ class S3InputSHA256Mismatch(BaseException):

 class HashingInput(object):
    """
-    wsgi.input wrapper to verify the hash of the input as it's read.
+    wsgi.input wrapper to verify the SHA256 of the input as it's read.
    """

-    def __init__(self, reader, content_length, hasher, expected_hex_hash):
+    def __init__(self, reader, content_length, expected_hex_hash):
        self._input = reader
        self._to_read = content_length
-        self._hasher = hasher()
+        self._hasher = sha256()
        self._expected = expected_hex_hash
        if content_length == 0 and \
                self._hasher.hexdigest() != self._expected.lower():
@@ -887,7 +887,6 @@ class S3Request(swob.Request):
            self.environ['wsgi.input'] = HashingInput(
                self.environ['wsgi.input'],
                self.content_length,
-                sha256,
                aws_sha256)
        # If no content-length, either client's trying to do a HTTP chunked
        # transfer, or a HTTP/1.0-style transfer (in which case swift will
--- a/test/unit/common/middleware/s3api/test_s3request.py
+++ b/test/unit/common/middleware/s3api/test_s3request.py
@@ -36,7 +36,6 @@ from swift.common.middleware.s3api.s3response import InvalidArgument, \
    AccessDenied, SignatureDoesNotMatch, RequestTimeTooSkewed, \
    InvalidPartArgument, InvalidPartNumber, InvalidRequest, \
    XAmzContentSHA256Mismatch
-from swift.common.utils import md5

 from test.debug_logger import debug_logger

@@ -1461,8 +1460,7 @@ class TestHashingInput(S3ApiTestCase):
    def test_good(self):
        raw = b'123456789'
        wrapped = HashingInput(
-            BytesIO(raw), 9, lambda: md5(usedforsecurity=False),
-            md5(raw, usedforsecurity=False).hexdigest())
+            BytesIO(raw), 9, hashlib.sha256(raw).hexdigest())
        self.assertEqual(b'1234', wrapped.read(4))
        self.assertEqual(b'56', wrapped.read(2))
        # trying to read past the end gets us whatever's left
@@ -1475,8 +1473,8 @@ class TestHashingInput(S3ApiTestCase):
        self.assertTrue(wrapped._input.closed)

    def test_empty(self):
-        wrapped = HashingInput(BytesIO(b''), 0, hashlib.sha256,
-                               hashlib.sha256(b'').hexdigest())
+        wrapped = HashingInput(
+            BytesIO(b''), 0, hashlib.sha256(b'').hexdigest())
        self.assertEqual(b'', wrapped.read(4))
        self.assertEqual(b'', wrapped.read(2))

@@ -1487,8 +1485,7 @@ class TestHashingInput(S3ApiTestCase):
    def test_too_long(self):
        raw = b'123456789'
        wrapped = HashingInput(
-            BytesIO(raw), 8, lambda: md5(usedforsecurity=False),
-            md5(raw, usedforsecurity=False).hexdigest())
+            BytesIO(raw), 8, hashlib.sha256(raw).hexdigest())
        self.assertEqual(b'1234', wrapped.read(4))
        self.assertEqual(b'56', wrapped.read(2))
        # even though the hash matches, there was more data than we expected
@@ -1503,8 +1500,7 @@ class TestHashingInput(S3ApiTestCase):
    def test_too_short(self):
        raw = b'123456789'
        wrapped = HashingInput(
-            BytesIO(raw), 10, lambda: md5(usedforsecurity=False),
-            md5(raw, usedforsecurity=False).hexdigest())
+            BytesIO(raw), 10, hashlib.sha256(raw).hexdigest())
        self.assertEqual(b'1234', wrapped.read(4))
        self.assertEqual(b'56', wrapped.read(2))
        # even though the hash matches, there was more data than we expected
@@ -1515,8 +1511,7 @@ class TestHashingInput(S3ApiTestCase):
    def test_bad_hash(self):
        raw = b'123456789'
        wrapped = HashingInput(
-            BytesIO(raw), 9, hashlib.sha256,
-            md5(raw, usedforsecurity=False).hexdigest())
+            BytesIO(raw), 9, hashlib.sha256().hexdigest())
        self.assertEqual(b'1234', wrapped.read(4))
        self.assertEqual(b'5678', wrapped.read(4))
        with self.assertRaises(S3InputSHA256Mismatch):
@@ -1528,7 +1523,7 @@ class TestHashingInput(S3ApiTestCase):
        self.assertFalse(_input.closed)
        with self.assertRaises(XAmzContentSHA256Mismatch):
            # Don't even get a chance to try to read it
-            HashingInput(_input, 0, hashlib.sha256, 'nope')
+            HashingInput(_input, 0, 'nope')
        self.assertTrue(_input.closed)