Re: Problem with Password Decryption in Data Import Handler

Jamie Jackson Wed, 02 Nov 2016 11:38:01 -0700

I'm at a brick wall. Here's the latest status:

Here are some sample commands that I'm using:


*Create the encryptKeyFile and encrypted password:*


encrypter_password='this_is_my_encrypter_password'
plain_db_pw='Oakton153'

cd /var/docker/solr_stage2/credentials/
echo -n "${encrypter_password}" > encpwd.txt
echo -n "${plain_db_pwd}" > plaindbpwd.txt
openssl enc -aes-128-cbc -a -salt -in plaindbpwd.txt -k
"${encrypter_password}"

rm plaindbpwd.txt

That generated this as the password, by the way:

U2FsdGVkX19pBVTeZaSl43gFFAlrx+Th1zSg1GvlX9o=

*Configure DIH configuration:*

<dataConfig>

<dataSource
driver="org.mariadb.jdbc.Driver"
url="jdbc:mysql://local.mysite.com:3306/mysite"
user="root"
password="U2FsdGVkX19pBVTeZaSl43gFFAlrx+Th1zSg1GvlX9o="
encryptKeyFile="/opt/solr/credentials/encpwd.txt"
/>
...


By the way, /var/docker/solr_stage2/credentials/ is mapped to
/opt/solr/credentials/ in the docker container, so that's why the paths
*seem* different (but aren't, really).


*Authentication error when data import is run:*

Exception while processing: question document :
SolrInputDocument(fields:
[]):org.apache.solr.handler.dataimport.DataImportHandlerException:
Unable to execute query:     select     'foo' as bar;    Processing
Document # 1
        at 
org.apache.solr.handler.dataimport.DataImportHandlerException.wrapAndThrow(DataImportHandlerException.java:69)
        at 
org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.<init>(JdbcDataSource.java:323)
        at 
org.apache.solr.handler.dataimport.JdbcDataSource.getData(JdbcDataSource.java:283)
        at 
org.apache.solr.handler.dataimport.JdbcDataSource.getData(JdbcDataSource.java:52)
        at 
org.apache.solr.handler.dataimport.SqlEntityProcessor.initQuery(SqlEntityProcessor.java:59)
        at 
org.apache.solr.handler.dataimport.SqlEntityProcessor.nextRow(SqlEntityProcessor.java:73)
        at 
org.apache.solr.handler.dataimport.EntityProcessorWrapper.nextRow(EntityProcessorWrapper.java:244)
        at 
org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:475)
        at 
org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:414)
        at 
org.apache.solr.handler.dataimport.DocBuilder.doFullDump(DocBuilder.java:329)
        at 
org.apache.solr.handler.dataimport.DocBuilder.execute(DocBuilder.java:232)
        at 
org.apache.solr.handler.dataimport.DataImporter.doFullImport(DataImporter.java:416)
        at 
org.apache.solr.handler.dataimport.DataImporter.runCmd(DataImporter.java:480)
        at 
org.apache.solr.handler.dataimport.DataImporter$1.run(DataImporter.java:461)
Caused by: java.sql.SQLInvalidAuthorizationSpecException: Could not
connect: Access denied for user 'root'@'ICZ2002912' (using password:
NO)
        at 
org.mariadb.jdbc.internal.util.ExceptionMapper.get(ExceptionMapper.java:123)
        at 
org.mariadb.jdbc.internal.util.ExceptionMapper.throwException(ExceptionMapper.java:71)
        at org.mariadb.jdbc.Driver.connect(Driver.java:109)
        at 
org.apache.solr.handler.dataimport.JdbcDataSource$1.call(JdbcDataSource.java:192)
        at 
org.apache.solr.handler.dataimport.JdbcDataSource$1.call(JdbcDataSource.java:172)
        at 
org.apache.solr.handler.dataimport.JdbcDataSource.getConnection(JdbcDataSource.java:503)
        at 
org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.<init>(JdbcDataSource.java:313)
        ... 12 more
Caused by: org.mariadb.jdbc.internal.util.dao.QueryException: Could
not connect: Access denied for user 'root'@'ICZ2002912' (using
password: NO)
        at 
org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.authentication(AbstractConnectProtocol.java:524)
        at 
org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.handleConnectionPhases(AbstractConnectProtocol.java:472)
        at 
org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connect(AbstractConnectProtocol.java:374)
        at 
org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:763)
        at org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:469)
        at org.mariadb.jdbc.Driver.connect(Driver.java:104)
        ... 16 more



On Thu, Oct 6, 2016 at 2:42 PM, Jamie Jackson <jamieja...@gmail.com> wrote:

> It happens to be ten characters.
>
> On Thu, Oct 6, 2016 at 12:44 PM, Alexandre Rafalovitch <arafa...@gmail.com
> > wrote:
>
>> How long is the encryption key (file content)? Because the code I am
>> looking at seems to expect it to be at most 100 characters.
>>
>> Regards,
>>    Alex.
>> ----
>> Newsletter and resources for Solr beginners and intermediates:
>> http://www.solr-start.com/
>>
>>
>> On 6 October 2016 at 23:26, Kevin Risden <compuwizard...@gmail.com>
>> wrote:
>> > I haven't tried this but is it possible there is a new line at the end
>> in
>> > the file?
>> >
>> > If you did something like echo "" > file.txt then there would be a new
>> > line. Use echo -n "" > file.txt
>> >
>> > Also you should be able to check how many characters are in the file.
>> >
>> > Kevin Risden
>> >
>> > On Wed, Oct 5, 2016 at 5:00 PM, Jamie Jackson <jamieja...@gmail.com>
>> wrote:
>> >
>> >> Hi Folks,
>> >>
>> >> (Using Solr 5.5.3.)
>> >>
>> >> As far as I know, the only place where encrypted password use is
>> documented
>> >> is in
>> >> https://cwiki.apache.org/confluence/display/solr/
>> >> Uploading+Structured+Data+Store+Data+with+the+Data+Import+Handler,
>> >> under the "Configuring the DIH Configuration File", in a comment in the
>> >> sample XML file:
>> >>
>> >> <!--
>> >> Alternately the password can be encrypted as follows. This is the value
>> >> obtained as a result of the command
>> >> openssl enc -aes-128-cbc -a -salt -in pwd.txt
>> >> password="U2FsdGVkX18QMjY0yfCqlfBMvAB4d3XkwY96L7gfO2o="
>> >> WHen the password is encrypted, you must provide an extra attribute
>> >> encryptKeyFile="/location/of/encryptionkey"
>> >> This file should a text file with a single line containing the
>> >> encrypt/decrypt password
>> >> -->
>> >>
>> >> Anyway, I can encrypt just fine:
>> >>
>> >> $ openssl enc -aes-128-cbc -a -salt -in stgps.txt
>> >> enter aes-128-cbc encryption password:
>> >> Verifying - enter aes-128-cbc encryption password:
>> >> U2FsdGVkX1+VtVoQtmEREvB5qZjn3131+N4jRXmjyIY=
>> >>
>> >>
>> >> I can also decrypt just fine from the command line.
>> >>
>> >> However, if I use the encrypted password and encryptKeyFile in the
>> config
>> >> file, I end up with an error: "String length must be a multiple of
>> four."
>> >>
>> >> https://gist.github.com/jamiejackson/3852dacb03432328ea187d43ade5e4d9
>> >>
>> >> How do I get this working?
>> >>
>> >> Thanks,
>> >> Jamie
>> >>
>>
>
>

Re: Problem with Password Decryption in Data Import Handler

Reply via email to