[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.ts

import { Request } from 'express'
import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers'
import { ActorModel } from '../models/activitypub/actor'
import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils'
import { jsig } from './custom-jsonld-signature'
import { logger } from './logger'

const httpSignature = require('http-signature')

async function createPrivateAndPublicKeys () {
  logger.info('Generating a RSA key...')

  const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
  const { publicKey } = await getPublicKey(key)

  return { privateKey: key, publicKey }
}

// User password checks

function comparePassword (plainPassword: string, hashPassword: string) {
  return bcryptComparePromise(plainPassword, hashPassword)
}

async function cryptPassword (password: string) {
  const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)

  return bcryptHashPromise(password, salt)
}

// HTTP Signature

function isHTTPSignatureVerified (httpSignatureParsed: any, actor: ActorModel) {
  return httpSignature.verifySignature(httpSignatureParsed, actor.publicKey) === true
}

function parseHTTPSignature (req: Request) {
  return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME })
}

// JSONLD

function isJsonLDSignatureVerified (fromActor: ActorModel, signedDocument: any) {
  const publicKeyObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    id: fromActor.url,
    type:  'CryptographicKey',
    owner: fromActor.url,
    publicKeyPem: fromActor.publicKey
  }

  const publicKeyOwnerObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    id: fromActor.url,
    publicKey: [ publicKeyObject ]
  }

  const options = {
    publicKey: publicKeyObject,
    publicKeyOwner: publicKeyOwnerObject
  }

  return jsig.promises
             .verify(signedDocument, options)
             .then((result: { verified: boolean }) => result.verified)
             .catch(err => {
               logger.error('Cannot check signature.', { err })
               return false
             })
}

function signJsonLDObject (byActor: ActorModel, data: any) {
  const options = {
    privateKeyPem: byActor.privateKey,
    creator: byActor.url,
    algorithm: 'RsaSignature2017'
  }

  return jsig.promises.sign(data, options)
}

// ---------------------------------------------------------------------------

export {
  parseHTTPSignature,
  isHTTPSignatureVerified,
  isJsonLDSignatureVerified,
  comparePassword,
  createPrivateAndPublicKeys,
  cryptPassword,
  signJsonLDObject
}
Commit	Line	Data
41f2ebae C	1	import { Request } from 'express'
41f2ebae C	2	import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers'
50d6de9c	3	import { ActorModel } from '../models/activitypub/actor'
8d468a16	4	import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils'
9a27cdc2	5	import { jsig } from './custom-jsonld-signature'
8d468a16	6	import { logger } from './logger'
9f10b292	7
41f2ebae C	8	const httpSignature = require('http-signature')
41f2ebae C	9
e4f97bab C	10	async function createPrivateAndPublicKeys () {
e4f97bab C	11	logger.info('Generating a RSA key...')
bdfbd4f1	12
e4f97bab C	13	const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
e4f97bab C	14	const { publicKey } = await getPublicKey(key)
bdfbd4f1	15
e4f97bab	16	return { privateKey: key, publicKey }
9f10b292 C	17	}
9f10b292 C	18
41f2ebae C	19	// User password checks
	20
	21	function comparePassword (plainPassword: string, hashPassword: string) {
	22	return bcryptComparePromise(plainPassword, hashPassword)
	23	}
	24
	25	async function cryptPassword (password: string) {
	26	const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
	27
	28	return bcryptHashPromise(password, salt)
	29	}
	30
	31	// HTTP Signature
	32
	33	function isHTTPSignatureVerified (httpSignatureParsed: any, actor: ActorModel) {
	34	return httpSignature.verifySignature(httpSignatureParsed, actor.publicKey) === true
	35	}
	36
	37	function parseHTTPSignature (req: Request) {
	38	return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME })
	39	}
	40
	41	// JSONLD
	42
	43	function isJsonLDSignatureVerified (fromActor: ActorModel, signedDocument: any) {
e4f97bab C	44	const publicKeyObject = {
e4f97bab C	45	'@context': jsig.SECURITY_CONTEXT_URL,
41f2ebae C	46	id: fromActor.url,
41f2ebae C	47	type: 'CryptographicKey',
50d6de9c C	48	owner: fromActor.url,
50d6de9c C	49	publicKeyPem: fromActor.publicKey
bdfbd4f1 C	50	}
bdfbd4f1 C	51
e4f97bab C	52	const publicKeyOwnerObject = {
e4f97bab C	53	'@context': jsig.SECURITY_CONTEXT_URL,
41f2ebae	54	id: fromActor.url,
e4f97bab C	55	publicKey: [ publicKeyObject ]
e4f97bab C	56	}
bdfbd4f1	57
e4f97bab C	58	const options = {
	59	publicKey: publicKeyObject,
	60	publicKeyOwner: publicKeyOwnerObject
	61	}
bdfbd4f1	62
41f2ebae C	63	return jsig.promises
41f2ebae C	64	.verify(signedDocument, options)
40ed9f6a	65	.then((result: { verified: boolean }) => result.verified)
41f2ebae C	66	.catch(err => {
	67	logger.error('Cannot check signature.', { err })
	68	return false
	69	})
26d7d31b C	70	}
26d7d31b C	71
41f2ebae	72	function signJsonLDObject (byActor: ActorModel, data: any) {
e4f97bab	73	const options = {
50d6de9c	74	privateKeyPem: byActor.privateKey,
ce33ee01 C	75	creator: byActor.url,
ce33ee01 C	76	algorithm: 'RsaSignature2017'
f5028693	77	}
9f10b292	78
efc32059	79	return jsig.promises.sign(data, options)
e4f97bab C	80	}
e4f97bab C	81
9f10b292	82	// ---------------------------------------------------------------------------
dac0a531	83
65fcc311	84	export {
41f2ebae C	85	parseHTTPSignature,
	86	isHTTPSignatureVerified,
	87	isJsonLDSignatureVerified,
65fcc311	88	comparePassword,
e4f97bab	89	createPrivateAndPublicKeys,
65fcc311	90	cryptPassword,
41f2ebae	91	signJsonLDObject
9f10b292	92	}