eribeiro/solr_password.py

## solr_password.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-

import secrets
import sys
from hashlib import sha256
from base64 import b64encode, b64decode

##
## Based on the logic here: https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/security/Sha256AuthenticationProvider.java
##
## Usage:
## python solr_passwod.py <password> or python solr_password.py <password> <base_64_salt>
## or yet: cat password.txt | xargs python solr_password.py
##


def solr_hash_password(password: str, salt: str = None) -> (str, str):
    """
        Generates a password and salt to be used in Basic Auth Solr

        password: clean text password string
        salt (optional): base64 salt string
        returns: sha256 hash of password and salt (both base64 strings)
    """
    m = sha256()
    if salt is None:
        salt = secrets.token_bytes(32)
    else:
        salt = b64decode(salt)
    m.update(salt + password.encode('utf-8'))
    digest = m.digest()

    m = sha256()
    m.update(digest)
    digest = m.digest()

    cypher = b64encode(digest).decode('utf-8')
    salt = b64encode(salt).decode('utf-8')
    return cypher, salt


def check_solr_hash(password: str, cypher: str, salt: str) -> bool:
    m = sha256()
    m.update(b64decode(salt) + password.encode('utf-8'))
    digest = m.digest()

    m = sha256()
    m.update(digest)
    digest = m.digest()

    return b64encode(digest).decode('utf-8') == cypher


def test_hash_password():
    password = "SolrRocks"
    salt = "Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
    cypher = "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0="
    ret = solr_hash_password(password, salt)
    assert ret[0] == cypher, "sha256 hashing of password failed!"

    cypher, salt = solr_hash_password(password)
    assert solr_hash_password(password, salt) == (cypher, salt)


def test_hash_check():
    password = "SolrRocks"
    salt = "Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
    cypher = "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0="

    assert check_solr_hash(password, cypher, salt), "Sha256 password check failed!"


if __name__ == '__main__':
    if len(sys.argv) < 2 or len(sys.argv) > 3:
        print('Usage: %s <password> [salt_base64]' % sys.argv[0])
        sys.exit(0)

    if len(sys.argv) == 3:
        _salt = sys.argv[2]
    else:
        _salt = None
    print("%s %s" % solr_hash_password(sys.argv[1], _salt))
	#!/usr/bin/env python
	# -- coding: utf-8 --

	import secrets
	import sys
	from hashlib import sha256
	from base64 import b64encode, b64decode

	##
	## Based on the logic here: https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/security/Sha256AuthenticationProvider.java
	##
	## Usage:
	## python solr_passwod.py <password> or python solr_password.py <password> <base_64_salt>
	## or yet: cat password.txt \| xargs python solr_password.py
	##


	def solr_hash_password(password: str, salt: str = None) -> (str, str):
	"""
	Generates a password and salt to be used in Basic Auth Solr

	password: clean text password string
	salt (optional): base64 salt string
	returns: sha256 hash of password and salt (both base64 strings)
	"""
	m = sha256()
	if salt is None:
	salt = secrets.token_bytes(32)
	else:
	salt = b64decode(salt)
	m.update(salt + password.encode('utf-8'))
	digest = m.digest()

	m = sha256()
	m.update(digest)
	digest = m.digest()

	cypher = b64encode(digest).decode('utf-8')
	salt = b64encode(salt).decode('utf-8')
	return cypher, salt


	def check_solr_hash(password: str, cypher: str, salt: str) -> bool:
	m = sha256()
	m.update(b64decode(salt) + password.encode('utf-8'))
	digest = m.digest()

	m = sha256()
	m.update(digest)
	digest = m.digest()

	return b64encode(digest).decode('utf-8') == cypher


	def test_hash_password():
	password = "SolrRocks"
	salt = "Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
	cypher = "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0="
	ret = solr_hash_password(password, salt)
	assert ret[0] == cypher, "sha256 hashing of password failed!"

	cypher, salt = solr_hash_password(password)
	assert solr_hash_password(password, salt) == (cypher, salt)


	def test_hash_check():
	password = "SolrRocks"
	salt = "Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
	cypher = "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0="

	assert check_solr_hash(password, cypher, salt), "Sha256 password check failed!"


	if __name__ == '__main__':
	if len(sys.argv) < 2 or len(sys.argv) > 3:
	print('Usage: %s <password> [salt_base64]' % sys.argv[0])
	sys.exit(0)

	if len(sys.argv) == 3:
	_salt = sys.argv[2]
	else:
	_salt = None
	print("%s %s" % solr_hash_password(sys.argv[1], _salt))