[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.js

'use strict'

const crypto = require('crypto')
const bcrypt = require('bcrypt')
const fs = require('fs')
const openssl = require('openssl-wrapper')

const constants = require('../initializers/constants')
const logger = require('./logger')

const peertubeCrypto = {
  checkSignature,
  comparePassword,
  createCertsIfNotExist,
  cryptPassword,
  sign
}

function checkSignature (publicKey, data, hexSignature) {
  const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM)

  let dataString
  if (typeof data === 'string') {
    dataString = data
  } else {
    try {
      dataString = JSON.stringify(data)
    } catch (err) {
      logger.error('Cannot check signature.', { error: err })
      return false
    }
  }

  verify.update(dataString, 'utf8')

  const isValid = verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING)
  return isValid
}

function sign (data) {
  const sign = crypto.createSign(constants.SIGNATURE_ALGORITHM)

  let dataString
  if (typeof data === 'string') {
    dataString = data
  } else {
    try {
      dataString = JSON.stringify(data)
    } catch (err) {
      logger.error('Cannot sign data.', { error: err })
      return ''
    }
  }

  sign.update(dataString, 'utf8')

  // TODO: make async
  const myKey = fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem')
  const signature = sign.sign(myKey, constants.SIGNATURE_ENCODING)

  return signature
}

function comparePassword (plainPassword, hashPassword, callback) {
  bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
    if (err) return callback(err)

    return callback(null, isPasswordMatch)
  })
}

function createCertsIfNotExist (callback) {
  certsExist(function (exist) {
    if (exist === true) {
      return callback(null)
    }

    createCerts(function (err) {
      return callback(err)
    })
  })
}

function cryptPassword (password, callback) {
  bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
    if (err) return callback(err)

    bcrypt.hash(password, salt, function (err, hash) {
      return callback(err, hash)
    })
  })
}

// ---------------------------------------------------------------------------

module.exports = peertubeCrypto

// ---------------------------------------------------------------------------

function certsExist (callback) {
  fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
    return callback(exists)
  })
}

function createCerts (callback) {
  certsExist(function (exist) {
    if (exist === true) {
      const string = 'Certs already exist.'
      logger.warning(string)
      return callback(new Error(string))
    }

    logger.info('Generating a RSA key...')

    let options = {
      'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
      '2048': false
    }
    openssl.exec('genrsa', options, function (err) {
      if (err) {
        logger.error('Cannot create private key on this pod.')
        return callback(err)
      }
      logger.info('RSA key generated.')

      options = {
        'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
        'pubout': true,
        'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
      }
      logger.info('Manage public key...')
      openssl.exec('rsa', options, function (err) {
        if (err) {
          logger.error('Cannot create public key on this pod.')
          return callback(err)
        }

        logger.info('Public key managed.')
        return callback(null)
      })
    })
  })
}
Commit	Line	Data
9f10b292 C	1	'use strict'
9f10b292 C	2
bdfbd4f1	3	const crypto = require('crypto')
26d7d31b	4	const bcrypt = require('bcrypt')
f0f5567b C	5	const fs = require('fs')
f0f5567b C	6	const openssl = require('openssl-wrapper')
9f10b292	7
e861452f	8	const constants = require('../initializers/constants')
f0f5567b	9	const logger = require('./logger')
9f10b292	10
f0f5567b	11	const peertubeCrypto = {
c4403b29 C	12	checkSignature,
	13	comparePassword,
	14	createCertsIfNotExist,
	15	cryptPassword,
c4403b29	16	sign
9f10b292 C	17	}
9f10b292 C	18
bdfbd4f1 C	19	function checkSignature (publicKey, data, hexSignature) {
	20	const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM)
	21
	22	let dataString
	23	if (typeof data === 'string') {
	24	dataString = data
	25	} else {
	26	try {
	27	dataString = JSON.stringify(data)
	28	} catch (err) {
	29	logger.error('Cannot check signature.', { error: err })
	30	return false
	31	}
	32	}
	33
	34	verify.update(dataString, 'utf8')
	35
	36	const isValid = verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING)
bc503c2a	37	return isValid
9f10b292 C	38	}
9f10b292 C	39
bdfbd4f1 C	40	function sign (data) {
	41	const sign = crypto.createSign(constants.SIGNATURE_ALGORITHM)
	42
	43	let dataString
	44	if (typeof data === 'string') {
	45	dataString = data
	46	} else {
	47	try {
	48	dataString = JSON.stringify(data)
	49	} catch (err) {
	50	logger.error('Cannot sign data.', { error: err })
	51	return ''
	52	}
	53	}
	54
	55	sign.update(dataString, 'utf8')
	56
	57	// TODO: make async
	58	const myKey = fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem')
	59	const signature = sign.sign(myKey, constants.SIGNATURE_ENCODING)
	60
	61	return signature
	62	}
	63
26d7d31b C	64	function comparePassword (plainPassword, hashPassword, callback) {
	65	bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
	66	if (err) return callback(err)
	67
	68	return callback(null, isPasswordMatch)
	69	})
	70	}
	71
9f10b292 C	72	function createCertsIfNotExist (callback) {
	73	certsExist(function (exist) {
	74	if (exist === true) {
	75	return callback(null)
	76	}
	77
	78	createCerts(function (err) {
	79	return callback(err)
dac0a531	80	})
9f10b292 C	81	})
9f10b292 C	82	}
dac0a531	83
26d7d31b C	84	function cryptPassword (password, callback) {
	85	bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
	86	if (err) return callback(err)
	87
	88	bcrypt.hash(password, salt, function (err, hash) {
	89	return callback(err, hash)
	90	})
	91	})
	92	}
	93
9f10b292	94	// ---------------------------------------------------------------------------
dac0a531	95
9f10b292	96	module.exports = peertubeCrypto
dac0a531	97
9f10b292	98	// ---------------------------------------------------------------------------
dac0a531	99
9f10b292	100	function certsExist (callback) {
e861452f	101	fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
9f10b292 C	102	return callback(exists)
	103	})
	104	}
	105
	106	function createCerts (callback) {
	107	certsExist(function (exist) {
	108	if (exist === true) {
f0f5567b	109	const string = 'Certs already exist.'
9f10b292 C	110	logger.warning(string)
	111	return callback(new Error(string))
	112	}
	113
	114	logger.info('Generating a RSA key...')
e861452f C	115
	116	let options = {
	117	'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
	118	'2048': false
	119	}
	120	openssl.exec('genrsa', options, function (err) {
9f10b292 C	121	if (err) {
	122	logger.error('Cannot create private key on this pod.')
	123	return callback(err)
dac0a531	124	}
9f10b292	125	logger.info('RSA key generated.')
dac0a531	126
e861452f C	127	options = {
	128	'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
	129	'pubout': true,
	130	'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
	131	}
9f10b292	132	logger.info('Manage public key...')
e861452f	133	openssl.exec('rsa', options, function (err) {
dac0a531	134	if (err) {
9f10b292	135	logger.error('Cannot create public key on this pod.')
dac0a531 C	136	return callback(err)
dac0a531 C	137	}
dac0a531	138
9f10b292 C	139	logger.info('Public key managed.')
	140	return callback(null)
	141	})
dac0a531	142	})
9f10b292 C	143	})
9f10b292 C	144	}