[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.ts

import { BCRYPT_SALT_SIZE, PRIVATE_RSA_KEY_SIZE } from '../initializers'
import { ActorModel } from '../models/activitypub/actor'
import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils'
import { jsig } from './custom-jsonld-signature'
import { logger } from './logger'

async function createPrivateAndPublicKeys () {
  logger.info('Generating a RSA key...')

  const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
  const { publicKey } = await getPublicKey(key)

  return { privateKey: key, publicKey }
}

function isSignatureVerified (fromActor: ActorModel, signedDocument: object) {
  const publicKeyObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    '@id': fromActor.url,
    '@type':  'CryptographicKey',
    owner: fromActor.url,
    publicKeyPem: fromActor.publicKey
  }

  const publicKeyOwnerObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    '@id': fromActor.url,
    publicKey: [ publicKeyObject ]
  }

  const options = {
    publicKey: publicKeyObject,
    publicKeyOwner: publicKeyOwnerObject
  }

  return jsig.promises.verify(signedDocument, options)
    .catch(err => {
      logger.error('Cannot check signature.', { err })
      return false
    })
}

function signObject (byActor: ActorModel, data: any) {
  const options = {
    privateKeyPem: byActor.privateKey,
    creator: byActor.url,
    algorithm: 'RsaSignature2017'
  }

  return jsig.promises.sign(data, options)
}

function comparePassword (plainPassword: string, hashPassword: string) {
  return bcryptComparePromise(plainPassword, hashPassword)
}

async function cryptPassword (password: string) {
  const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)

  return bcryptHashPromise(password, salt)
}

// ---------------------------------------------------------------------------

export {
  isSignatureVerified,
  comparePassword,
  createPrivateAndPublicKeys,
  cryptPassword,
  signObject
}
Commit	Line	Data
8d468a16	1	import { BCRYPT_SALT_SIZE, PRIVATE_RSA_KEY_SIZE } from '../initializers'
50d6de9c	2	import { ActorModel } from '../models/activitypub/actor'
8d468a16	3	import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils'
9a27cdc2	4	import { jsig } from './custom-jsonld-signature'
8d468a16	5	import { logger } from './logger'
9f10b292	6
e4f97bab C	7	async function createPrivateAndPublicKeys () {
e4f97bab C	8	logger.info('Generating a RSA key...')
bdfbd4f1	9
e4f97bab C	10	const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
e4f97bab C	11	const { publicKey } = await getPublicKey(key)
bdfbd4f1	12
e4f97bab	13	return { privateKey: key, publicKey }
9f10b292 C	14	}
9f10b292 C	15
50d6de9c	16	function isSignatureVerified (fromActor: ActorModel, signedDocument: object) {
e4f97bab C	17	const publicKeyObject = {
e4f97bab C	18	'@context': jsig.SECURITY_CONTEXT_URL,
50d6de9c	19	'@id': fromActor.url,
e4f97bab	20	'@type': 'CryptographicKey',
50d6de9c C	21	owner: fromActor.url,
50d6de9c C	22	publicKeyPem: fromActor.publicKey
bdfbd4f1 C	23	}
bdfbd4f1 C	24
e4f97bab C	25	const publicKeyOwnerObject = {
e4f97bab C	26	'@context': jsig.SECURITY_CONTEXT_URL,
50d6de9c	27	'@id': fromActor.url,
e4f97bab C	28	publicKey: [ publicKeyObject ]
e4f97bab C	29	}
bdfbd4f1	30
e4f97bab C	31	const options = {
	32	publicKey: publicKeyObject,
	33	publicKeyOwner: publicKeyOwnerObject
	34	}
bdfbd4f1	35
efc32059	36	return jsig.promises.verify(signedDocument, options)
e4f97bab	37	.catch(err => {
d5b7d911	38	logger.error('Cannot check signature.', { err })
e4f97bab C	39	return false
e4f97bab C	40	})
26d7d31b C	41	}
26d7d31b C	42
50d6de9c	43	function signObject (byActor: ActorModel, data: any) {
e4f97bab	44	const options = {
50d6de9c	45	privateKeyPem: byActor.privateKey,
ce33ee01 C	46	creator: byActor.url,
ce33ee01 C	47	algorithm: 'RsaSignature2017'
f5028693	48	}
9f10b292	49
efc32059	50	return jsig.promises.sign(data, options)
e4f97bab C	51	}
	52
	53	function comparePassword (plainPassword: string, hashPassword: string) {
	54	return bcryptComparePromise(plainPassword, hashPassword)
9f10b292	55	}
dac0a531	56
f5028693 C	57	async function cryptPassword (password: string) {
	58	const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
	59
53abc4c2	60	return bcryptHashPromise(password, salt)
26d7d31b C	61	}
26d7d31b C	62
9f10b292	63	// ---------------------------------------------------------------------------
dac0a531	64
65fcc311	65	export {
e4f97bab	66	isSignatureVerified,
65fcc311	67	comparePassword,
e4f97bab	68	createPrivateAndPublicKeys,
65fcc311	69	cryptPassword,
e4f97bab	70	signObject
9f10b292	71	}