'use strict'

const crypto = require('crypto')
const bcrypt = require('bcrypt')
const fs = require('fs')
const openssl = require('openssl-wrapper')

const constants = require('../initializers/constants')
const logger = require('./logger')

// Public surface of this module: signature creation/verification with this
// pod's RSA key pair (generated below with openssl) and bcrypt password
// hashing. The functions are declared further down and hoisted; the helpers
// placed after module.exports (certsExist, createCerts) stay private.
const peertubeCrypto = {
  checkSignature,
  comparePassword,
  createCertsIfNotExist,
  cryptPassword,
  sign
}
18 | ||
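/**
 * Verifies `hexSignature` over `data` with the signer's public key.
 *
 * Non-string data is serialised with JSON.stringify, exactly as `sign` does.
 * JSON.stringify is not canonical (property insertion order changes the
 * bytes), so verification only succeeds when both sides build the object in
 * the same order.
 *
 * @param {string|Buffer} publicKey PEM public key of the signer
 * @param {string|Object} data payload that was signed
 * @param {string} hexSignature signature encoded with
 *   constants.SIGNATURE_ENCODING (the parameter name suggests hex)
 * @returns {boolean} true only when the signature verifies; unserialisable
 *   data, a malformed key or a malformed signature all yield false
 */
function checkSignature (publicKey, data, hexSignature) {
  let dataString
  if (typeof data === 'string') {
    dataString = data
  } else {
    try {
      dataString = JSON.stringify(data)
    } catch (err) {
      logger.error('Cannot check signature.', { error: err })
      return false
    }
  }

  // JSON.stringify(undefined) and JSON.stringify(fn) return undefined without
  // throwing; verify.update(undefined) would then throw a TypeError.
  if (dataString === undefined) {
    logger.error('Cannot check signature.', { error: new Error('Data is not serializable.') })
    return false
  }

  // The key and signature presumably come from another pod: a malformed
  // value must be reported as an invalid signature, not crash the caller.
  try {
    const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM)
    verify.update(dataString, 'utf8')
    return verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING)
  } catch (err) {
    logger.error('Cannot check signature.', { error: err })
    return false
  }
}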
39 | ||
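/**
 * Signs `data` with this pod's private key (CERT_DIR + 'peertube.key.pem').
 *
 * Non-string data is serialised with JSON.stringify; `checkSignature`
 * serialises the same way on the verifying side, so property order matters.
 *
 * @param {string|Object} data payload to sign
 * @returns {string} signature encoded with constants.SIGNATURE_ENCODING, or
 *   '' when the data cannot be serialised
 * @throws whatever fs.readFileSync throws when the private key is unreadable
 */
function sign (data) {
  let dataString
  if (typeof data === 'string') {
    dataString = data
  } else {
    try {
      dataString = JSON.stringify(data)
    } catch (err) {
      logger.error('Cannot sign data.', { error: err })
      return ''
    }
  }

  // JSON.stringify(undefined) and JSON.stringify(fn) return undefined without
  // throwing; signer.update(undefined) would then throw a TypeError instead
  // of taking the '' error path.
  if (dataString === undefined) {
    logger.error('Cannot sign data.', { error: new Error('Data is not serializable.') })
    return ''
  }

  // Named `signer` so the local no longer shadows the function itself.
  const signer = crypto.createSign(constants.SIGNATURE_ALGORITHM)
  signer.update(dataString, 'utf8')

  // TODO: make async
  // The private key is re-read from disk on every call.
  const myKey = fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem')
  return signer.sign(myKey, constants.SIGNATURE_ENCODING)
}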
63 | ||
/**
 * Checks a plaintext password against a stored bcrypt hash.
 *
 * @param {string} plainPassword password supplied by the user
 * @param {string} hashPassword bcrypt hash stored for the account
 * @param {function(Error=, boolean=)} callback receives (err) when bcrypt
 *   fails, otherwise (null, isPasswordMatch)
 */
function comparePassword (plainPassword, hashPassword, callback) {
  bcrypt.compare(plainPassword, hashPassword, (err, isPasswordMatch) => {
    if (err) {
      return callback(err)
    }

    return callback(null, isPasswordMatch)
  })
}
71 | ||
/**
 * Generates this pod's RSA key pair unless the private key is already on disk.
 *
 * @param {function(Error=)} callback called with null when the certs exist
 *   or were just created, with the error from createCerts otherwise
 */
function createCertsIfNotExist (callback) {
  certsExist((exist) => {
    if (exist !== true) {
      return createCerts((err) => callback(err))
    }

    return callback(null)
  })
}
dac0a531 | 83 | |
/**
 * Hashes a password with bcrypt using a freshly generated salt.
 *
 * @param {string} password plaintext password
 * @param {function(Error=, string=)} callback receives (err) when salt
 *   generation fails, otherwise (err, hash) straight from bcrypt.hash
 */
function cryptPassword (password, callback) {
  // NOTE(review): bcrypt.genSalt's first argument is the cost factor
  // (rounds), not a salt length — confirm BCRYPT_SALT_SIZE holds a cost.
  bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, (saltErr, salt) => {
    if (saltErr) {
      return callback(saltErr)
    }

    bcrypt.hash(password, salt, (hashErr, hash) => callback(hashErr, hash))
  })
}
93 | ||
// ---------------------------------------------------------------------------

// Only the object declared at the top is exported; certsExist and createCerts
// below remain module-private.
module.exports = peertubeCrypto

// ---------------------------------------------------------------------------
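/**
 * Reports whether this pod's private key file is present.
 *
 * Uses fs.access instead of the deprecated fs.exists; the callback shape
 * (a single boolean, no error argument) is unchanged.
 *
 * NOTE(review): only the private key is checked, so a missing peertube.pub
 * is not detected here, and createCerts refuses to run while the private key
 * exists.
 *
 * @param {function(boolean)} callback receives true when the key file exists
 */
function certsExist (callback) {
  fs.access(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', (err) => {
    return callback(!err)
  })
}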
105 | ||
/**
 * Generates an RSA private key and extracts its public key into CERT_DIR
 * through openssl-wrapper.
 *
 * NOTE(review): the key file keeps whatever permissions the openssl binary
 * applies; nothing here restricts them explicitly.
 *
 * @param {function(Error=)} callback called with an Error when the certs
 *   already exist or an openssl step fails, with null on success
 */
function createCerts (callback) {
  certsExist((exist) => {
    if (exist === true) {
      const string = 'Certs already exist.'
      logger.warning(string)
      return callback(new Error(string))
    }

    logger.info('Generating a RSA key...')

    // Option keys are kept in the original order — presumably openssl-wrapper
    // builds the command line from them.
    const genrsaOptions = {
      'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
      '2048': false
    }
    openssl.exec('genrsa', genrsaOptions, (genrsaErr) => {
      if (genrsaErr) {
        logger.error('Cannot create private key on this pod.')
        return callback(genrsaErr)
      }
      logger.info('RSA key generated.')

      const rsaOptions = {
        'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
        'pubout': true,
        'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
      }
      logger.info('Manage public key...')
      openssl.exec('rsa', rsaOptions, (rsaErr) => {
        if (rsaErr) {
          logger.error('Cannot create public key on this pod.')
          return callback(rsaErr)
        }

        logger.info('Public key managed.')
        return callback(null)
      })
    })
  })
}