tempurl: Deprecate sha1 signatures
We've known this would eventually be necessary for a while [1], and
way back in 2017 we started seeing SHA-1 collisions [2].
There's already a patch for Swfit from 2017[3], and this patch will
update tempest side.
[1] https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
[2] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
[3] https://review.opendev.org/c/openstack/swift/+/525771
Change-Id: I0e9073955604ada493ec64264c6a5932627e1138
diff --git a/tempest/api/object_storage/test_object_temp_url.py b/tempest/api/object_storage/test_object_temp_url.py
index e75e22a..4ca7412 100644
--- a/tempest/api/object_storage/test_object_temp_url.py
+++ b/tempest/api/object_storage/test_object_temp_url.py
@@ -78,7 +78,7 @@
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(
- key.encode(), hmac_body.encode(), hashlib.sha1
+ key.encode(), hmac_body.encode(), hashlib.sha256
).hexdigest()
url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,
diff --git a/tempest/api/object_storage/test_object_temp_url_negative.py b/tempest/api/object_storage/test_object_temp_url_negative.py
index 4ad8428..e5f4cf2 100644
--- a/tempest/api/object_storage/test_object_temp_url_negative.py
+++ b/tempest/api/object_storage/test_object_temp_url_negative.py
@@ -83,7 +83,7 @@
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(
- key.encode(), hmac_body.encode(), hashlib.sha1
+ key.encode(), hmac_body.encode(), hashlib.sha256
).hexdigest()
url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,