[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.ts

import {
  PRIVATE_RSA_KEY_SIZE,
  BCRYPT_SALT_SIZE
} from '../initializers'
import {
  bcryptComparePromise,
  bcryptGenSaltPromise,
  bcryptHashPromise,
  createPrivateKey,
  getPublicKey
} from './core-utils'
import { logger } from './logger'
import { AccountInstance } from '../models/account/account-interface'
import { jsig } from './custom-jsonld-signature'

async function createPrivateAndPublicKeys () {
  logger.info('Generating a RSA key...')

  const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
  const { publicKey } = await getPublicKey(key)

  return { privateKey: key, publicKey }
}

function isSignatureVerified (fromAccount: AccountInstance, signedDocument: object) {
  const publicKeyObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    '@id': fromAccount.url,
    '@type':  'CryptographicKey',
    owner: fromAccount.url,
    publicKeyPem: fromAccount.publicKey
  }

  const publicKeyOwnerObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    '@id': fromAccount.url,
    publicKey: [ publicKeyObject ]
  }

  const options = {
    publicKey: publicKeyObject,
    publicKeyOwner: publicKeyOwnerObject
  }

  return jsig.promises.verify(signedDocument, options)
    .catch(err => {
      logger.error('Cannot check signature.', err)
      return false
    })
}

function signObject (byAccount: AccountInstance, data: any) {
  const options = {
    privateKeyPem: byAccount.privateKey,
    creator: byAccount.url
  }

  return jsig.promises.sign(data, options)
}

function comparePassword (plainPassword: string, hashPassword: string) {
  return bcryptComparePromise(plainPassword, hashPassword)
}

async function cryptPassword (password: string) {
  const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)

  return bcryptHashPromise(password, salt)
}

// ---------------------------------------------------------------------------

export {
  isSignatureVerified,
  comparePassword,
  createPrivateAndPublicKeys,
  cryptPassword,
  signObject
}
Commit	Line	Data
65fcc311	1	import {
e4f97bab C	2	PRIVATE_RSA_KEY_SIZE,
e4f97bab C	3	BCRYPT_SALT_SIZE
65fcc311	4	} from '../initializers'
6fcd19ba	5	import {
6fcd19ba C	6	bcryptComparePromise,
	7	bcryptGenSaltPromise,
	8	bcryptHashPromise,
e4f97bab	9	createPrivateKey,
efc32059	10	getPublicKey
6fcd19ba	11	} from './core-utils'
65fcc311	12	import { logger } from './logger'
e4f97bab	13	import { AccountInstance } from '../models/account/account-interface'
9a27cdc2	14	import { jsig } from './custom-jsonld-signature'
9f10b292	15
e4f97bab C	16	async function createPrivateAndPublicKeys () {
e4f97bab C	17	logger.info('Generating a RSA key...')
bdfbd4f1	18
e4f97bab C	19	const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
e4f97bab C	20	const { publicKey } = await getPublicKey(key)
bdfbd4f1	21
e4f97bab	22	return { privateKey: key, publicKey }
9f10b292 C	23	}
9f10b292 C	24
e4f97bab C	25	function isSignatureVerified (fromAccount: AccountInstance, signedDocument: object) {
	26	const publicKeyObject = {
	27	'@context': jsig.SECURITY_CONTEXT_URL,
	28	'@id': fromAccount.url,
	29	'@type': 'CryptographicKey',
	30	owner: fromAccount.url,
	31	publicKeyPem: fromAccount.publicKey
bdfbd4f1 C	32	}
bdfbd4f1 C	33
e4f97bab C	34	const publicKeyOwnerObject = {
	35	'@context': jsig.SECURITY_CONTEXT_URL,
	36	'@id': fromAccount.url,
	37	publicKey: [ publicKeyObject ]
	38	}
bdfbd4f1	39
e4f97bab C	40	const options = {
	41	publicKey: publicKeyObject,
	42	publicKeyOwner: publicKeyOwnerObject
	43	}
bdfbd4f1	44
efc32059	45	return jsig.promises.verify(signedDocument, options)
e4f97bab C	46	.catch(err => {
	47	logger.error('Cannot check signature.', err)
	48	return false
	49	})
26d7d31b C	50	}
26d7d31b C	51
e4f97bab C	52	function signObject (byAccount: AccountInstance, data: any) {
	53	const options = {
	54	privateKeyPem: byAccount.privateKey,
	55	creator: byAccount.url
f5028693	56	}
9f10b292	57
efc32059	58	return jsig.promises.sign(data, options)
e4f97bab C	59	}
	60
	61	function comparePassword (plainPassword: string, hashPassword: string) {
	62	return bcryptComparePromise(plainPassword, hashPassword)
9f10b292	63	}
dac0a531	64
f5028693 C	65	async function cryptPassword (password: string) {
	66	const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
	67
53abc4c2	68	return bcryptHashPromise(password, salt)
26d7d31b C	69	}
26d7d31b C	70
9f10b292	71	// ---------------------------------------------------------------------------
dac0a531	72
65fcc311	73	export {
e4f97bab	74	isSignatureVerified,
65fcc311	75	comparePassword,
e4f97bab	76	createPrivateAndPublicKeys,
65fcc311	77	cryptPassword,
e4f97bab	78	signObject
9f10b292	79	}