tempurl: Deprecate sha1 signatures

We've known this would eventually be necessary for a while [1], and way back in 2017 we started seeing SHA-1 collisions [2]. There's already a patch for Swfit from 2017[3], and this patch will update tempest side. [1] https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html [2] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html [3] https://review.opendev.org/c/openstack/swift/+/525771 Change-Id: I0e9073955604ada493ec64264c6a5932627e1138
2022-03-09 09:46:57 +00:00
parent 569c7a89f5
commit 7f47790895
2 changed files with 2 additions and 2 deletions
--- a/tempest/api/object_storage/test_object_temp_url.py
+++ b/tempest/api/object_storage/test_object_temp_url.py
@@ -78,7 +78,7 @@ class ObjectTempUrlTest(base.BaseObjectTest):

        hmac_body = '%s\n%s\n%s' % (method, expires, path)
        sig = hmac.new(
-            key.encode(), hmac_body.encode(), hashlib.sha1
+            key.encode(), hmac_body.encode(), hashlib.sha256
        ).hexdigest()

        url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,
--- a/tempest/api/object_storage/test_object_temp_url_negative.py
+++ b/tempest/api/object_storage/test_object_temp_url_negative.py
@@ -83,7 +83,7 @@ class ObjectTempUrlNegativeTest(base.BaseObjectTest):

        hmac_body = '%s\n%s\n%s' % (method, expires, path)
        sig = hmac.new(
-            key.encode(), hmac_body.encode(), hashlib.sha1
+            key.encode(), hmac_body.encode(), hashlib.sha256
        ).hexdigest()

        url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,