How to generate password_hash for RabbitMQ Management HTTP API


Problem description

The beloved RabbitMQ Management Plugin has an HTTP API to manage the RabbitMQ through plain HTTP requests.

We need to create users programmatically, and the HTTP API was the chosen way to go. The documentation is scarce, but the API is pretty simple and intuitive.

Concerned about the security, we don't want to pass the user password in plain text, and the API offers a field to send the password hash instead. Quote from there:

[GET | PUT | DELETE] /api/users/name

An individual user. To PUT a user, you will need a body looking something like this:

{"password":"secret","tags":"administrator"}

or:

{"password_hash":"2lmoth8l4H0DViLaK9Fxi6l9ds8=", "tags":"administrator"}

The tags key is mandatory. Either password or password_hash must be set.

So far, so good, the problem is: how to correctly generate the password_hash?

The password hashing algorithm is configured in RabbitMQ's configuration file, and ours is configured as the default SHA256.

I'm using C#, and the following code to generate the hash:

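using System.Security.Cryptography;
using System.Text;

// Unsalted SHA-256 of the password, hex encoded (the attempt that RabbitMQ does not accept)
var cr = new SHA256Managed();
var simplestPassword = "1";
var bytes = cr.ComputeHash(Encoding.UTF8.GetBytes(simplestPassword));
var sb = new StringBuilder();
foreach (var b in bytes) sb.Append(b.ToString("x2"));
var hash = sb.ToString();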

This doesn't work. Testing in some online tools for SHA256 encryption, the code is generating the expected output. However, if we go to the management page and set the user password manually to "1" then it works like a charm.

This answer led me to export the configurations and take a look at the hashes RabbitMQ is generating, and I realized a few things:

  • hash example of "1": "y4xPTRVfzXg68sz9ALqeQzARam3CwnGo53xS752cDV5+Utzh"
  • all the users' hashes have fixed length
  • the hashes change every time (even if the password is the same). I know PB2K also does this to passwords, but don't know the name of this cryptographic property.
  • if I pass the password_hash, RabbitMQ stores it without changes

I'm accepting suggestions in other programming languages as well, not just C#.

Recommended answer

From:

However, the algorithm is quite simple if you want to implement it yourself. Here's a worked example:

Generate a random 32 bit salt:

CA D5 08 9B

Concatenate that with the UTF-8 representation of the password (in this case "simon"):

CA D5 08 9B 73 69 6D 6F 6E

Take the MD5 hash:

CB 37 02 72 AC 5D 08 E9 B6 99 4A 17 2B 5F 57 12

Concatenate the salt again:

CA D5 08 9B CB 37 02 72 AC 5D 08 E9 B6 99 4A 17 2B 5F 57 12

And convert to base64 encoding:

ytUIm8s3AnKsXQjptplKFytfVxI=

You should be able to modify your code to follow this process.
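The steps of the answer above, as an added Python example (not code from the original question or answer). It goes beyond the MD5 walk-through by taking the hash function as a parameter, on the assumption that a broker configured for SHA256, as in the question, applies the same salt-and-concatenate steps; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

SALT_LEN = 4  # the 32 bit salt from the answer's first step


def rabbit_password_hash(password, salt=None, algorithm="sha256"):
    """Return base64(salt + H(salt + UTF-8 password))."""
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)  # CSPRNG, fresh for every password
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly 4 bytes")
    digest = hashlib.new(algorithm, salt + password.encode("utf-8")).digest()
    return base64.b64encode(salt + digest).decode("ascii")


def split_hash(encoded):
    """Split a stored password_hash value into (salt, digest)."""
    raw = base64.b64decode(encoded, validate=True)
    if len(raw) <= SALT_LEN:
        raise ValueError("too short to contain a salt and a digest")
    return raw[:SALT_LEN], raw[SALT_LEN:]


def verify_password(password, encoded, algorithm="sha256"):
    """Recompute with the stored salt and compare in constant time."""
    salt, _ = split_hash(encoded)
    candidate = rabbit_password_hash(password, salt, algorithm)
    return hmac.compare_digest(candidate, encoded)


# Salt from the answer's walk-through and the hash the question exported.
ANSWER_SALT = bytes.fromhex("CAD5089B")
QUESTION_HASH = "y4xPTRVfzXg68sz9ALqeQzARam3CwnGo53xS752cDV5+Utzh"

if __name__ == "__main__":
    # Same inputs as the answer: salt CA D5 08 9B, password "simon", MD5.
    print(rabbit_password_hash("simon", ANSWER_SALT, "md5"))
    salt, digest = split_hash(QUESTION_HASH)
    print(len(salt), len(digest))  # salt bytes, digest bytes
    print(rabbit_password_hash("1"))  # new salt, so the value differs per run
```

The exported hash from the question decodes to 4 salt bytes followed by 32 digest bytes, which is why an unsalted hex SHA-256 string cannot match it and why the stored value changes each time the same password is set.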
