Skip to content

Instantly share code, notes, and snippets.

@eribeiro

eribeiro/solr_password.py

Created November 27, 2020 17:07
Show Gist options
  • Save eribeiro/aaa3f7e62750aa8a5799dde035179010 to your computer and use it in GitHub Desktop.
Save eribeiro/aaa3f7e62750aa8a5799dde035179010 to your computer and use it in GitHub Desktop.
Download ZIP
Generates sha256 password with salt for use in Solr's Basic Auth setup
Raw
solr_password.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import secrets
import sys
from hashlib import sha256
from base64 import b64encode, b64decode
##
## Based on the logic here: https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/security/Sha256AuthenticationProvider.java
##
## Usage:
## python solr_passwod.py <password> or python solr_password.py <password> <base_64_salt>
## or yet: cat password.txt | xargs python solr_password.py
##
def solr_hash_password(password: str, salt: str = None) -> (str, str):
"""
Generates a password and salt to be used in Basic Auth Solr
password: clean text password string
salt (optional): base64 salt string
returns: sha256 hash of password and salt (both base64 strings)
"""
m = sha256()
if salt is None:
salt = secrets.token_bytes(32)
else:
salt = b64decode(salt)
m.update(salt + password.encode('utf-8'))
digest = m.digest()
m = sha256()
m.update(digest)
digest = m.digest()
cypher = b64encode(digest).decode('utf-8')
salt = b64encode(salt).decode('utf-8')
return cypher, salt
def check_solr_hash(password: str, cypher: str, salt: str) -> bool:
m = sha256()
m.update(b64decode(salt) + password.encode('utf-8'))
digest = m.digest()
m = sha256()
m.update(digest)
digest = m.digest()
return b64encode(digest).decode('utf-8') == cypher
def test_hash_password():
password = "SolrRocks"
salt = "Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
cypher = "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0="
ret = solr_hash_password(password, salt)
assert ret[0] == cypher, "sha256 hashing of password failed!"
cypher, salt = solr_hash_password(password)
assert solr_hash_password(password, salt) == (cypher, salt)
def test_hash_check():
password = "SolrRocks"
salt = "Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
cypher = "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0="
assert check_solr_hash(password, cypher, salt), "Sha256 password check failed!"
if __name__ == '__main__':
if len(sys.argv) < 2 or len(sys.argv) > 3:
print('Usage: %s <password> [salt_base64]' % sys.argv[0])
sys.exit(0)
if len(sys.argv) == 3:
_salt = sys.argv[2]
else:
_salt = None
print("%s %s" % solr_hash_password(sys.argv[1], _salt))
@edwardoliveira
Copy link 

SECURITY_FILE_TEMPLATE = """
   {
        "authentication":{
        "blockUnknown": true,
        "class":"solr.BasicAuthPlugin",
        "credentials":{"%s":"%s %s"},
        "forwardCredentials": false,
        "realm": "Solr Login"
        },
        "authorization":{
            "class":"solr.RuleBasedAuthorizationPlugin",
            "permissions":[{"name":"security-edit", "role":"admin"}],
            "user-role":{"%s":"admin"}
        }
    }
"""

def create_security_file(username, password):
    print("Creating security.json file...")
    with open("security.json", "w") as f:
        cypher, salt = solr_hash_password(password)
        f.write(SECURITY_FILE_TEMPLATE % (username, cypher, salt, username))
    print("file created!")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment