[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.ts

import * as crypto from 'crypto'
import { join } from 'path'

import {
  SIGNATURE_ALGORITHM,
  SIGNATURE_ENCODING,
  PRIVATE_CERT_NAME,
  CONFIG,
  BCRYPT_SALT_SIZE,
  PUBLIC_CERT_NAME
} from '../initializers'
import {
  readFilePromise,
  bcryptComparePromise,
  bcryptGenSaltPromise,
  bcryptHashPromise,
  accessPromise,
  opensslExecPromise
} from './core-utils'
import { logger } from './logger'

function checkSignature (publicKey: string, data: string, hexSignature: string) {
  const verify = crypto.createVerify(SIGNATURE_ALGORITHM)

  let dataString
  if (typeof data === 'string') {
    dataString = data
  } else {
    try {
      dataString = JSON.stringify(data)
    } catch (err) {
      logger.error('Cannot check signature.', err)
      return false
    }
  }

  verify.update(dataString, 'utf8')

  const isValid = verify.verify(publicKey, hexSignature, SIGNATURE_ENCODING)
  return isValid
}

async function sign (data: string | Object) {
  const sign = crypto.createSign(SIGNATURE_ALGORITHM)

  let dataString: string
  if (typeof data === 'string') {
    dataString = data
  } else {
    try {
      dataString = JSON.stringify(data)
    } catch (err) {
      logger.error('Cannot sign data.', err)
      return ''
    }
  }

  sign.update(dataString, 'utf8')

  const myKey = await getMyPrivateCert()
  return sign.sign(myKey, SIGNATURE_ENCODING)
}

function comparePassword (plainPassword: string, hashPassword: string) {
  return bcryptComparePromise(plainPassword, hashPassword)
}

async function createCertsIfNotExist () {
  const exist = await certsExist()
  if (exist === true) {
    return
  }

  return createCerts()
}

async function cryptPassword (password: string) {
  const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)

  return bcryptHashPromise(password, salt)
}

function getMyPrivateCert () {
  const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
  return readFilePromise(certPath, 'utf8')
}

function getMyPublicCert () {
  const certPath = join(CONFIG.STORAGE.CERT_DIR, PUBLIC_CERT_NAME)
  return readFilePromise(certPath, 'utf8')
}

// ---------------------------------------------------------------------------

export {
  checkSignature,
  comparePassword,
  createCertsIfNotExist,
  cryptPassword,
  getMyPrivateCert,
  getMyPublicCert,
  sign
}

// ---------------------------------------------------------------------------

async function certsExist () {
  const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)

  // If there is an error the certificates do not exist
  try {
    await accessPromise(certPath)

    return true
  } catch {
    return false
  }
}

async function createCerts () {
  const exist = await certsExist()
  if (exist === true) {
    const errorMessage = 'Certs already exist.'
    logger.warning(errorMessage)
    throw new Error(errorMessage)
  }

  logger.info('Generating a RSA key...')

  const privateCertPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
  const genRsaOptions = {
    'out': privateCertPath,
    '2048': false
  }

  await opensslExecPromise('genrsa', genRsaOptions)
  logger.info('RSA key generated.')
  logger.info('Managing public key...')

  const publicCertPath = join(CONFIG.STORAGE.CERT_DIR, 'peertube.pub')
  const rsaOptions = {
    'in': privateCertPath,
    'pubout': true,
    'out': publicCertPath
  }

  await opensslExecPromise('rsa', rsaOptions)
}
Commit	Line	Data
4d4e5cd4	1	import * as crypto from 'crypto'
65fcc311 C	2	import { join } from 'path'
	3
	4	import {
	5	SIGNATURE_ALGORITHM,
	6	SIGNATURE_ENCODING,
	7	PRIVATE_CERT_NAME,
	8	CONFIG,
	9	BCRYPT_SALT_SIZE,
	10	PUBLIC_CERT_NAME
	11	} from '../initializers'
6fcd19ba C	12	import {
	13	readFilePromise,
	14	bcryptComparePromise,
	15	bcryptGenSaltPromise,
	16	bcryptHashPromise,
	17	accessPromise,
	18	opensslExecPromise
	19	} from './core-utils'
65fcc311	20	import { logger } from './logger'
9f10b292	21
69818c93	22	function checkSignature (publicKey: string, data: string, hexSignature: string) {
65fcc311	23	const verify = crypto.createVerify(SIGNATURE_ALGORITHM)
bdfbd4f1 C	24
	25	let dataString
	26	if (typeof data === 'string') {
	27	dataString = data
	28	} else {
	29	try {
	30	dataString = JSON.stringify(data)
	31	} catch (err) {
ad0997ad	32	logger.error('Cannot check signature.', err)
bdfbd4f1 C	33	return false
	34	}
	35	}
	36
	37	verify.update(dataString, 'utf8')
	38
65fcc311	39	const isValid = verify.verify(publicKey, hexSignature, SIGNATURE_ENCODING)
bc503c2a	40	return isValid
9f10b292 C	41	}
9f10b292 C	42
53abc4c2	43	async function sign (data: string \| Object) {
65fcc311	44	const sign = crypto.createSign(SIGNATURE_ALGORITHM)
bdfbd4f1	45
69818c93	46	let dataString: string
bdfbd4f1 C	47	if (typeof data === 'string') {
	48	dataString = data
	49	} else {
	50	try {
	51	dataString = JSON.stringify(data)
	52	} catch (err) {
ad0997ad	53	logger.error('Cannot sign data.', err)
f5028693	54	return ''
bdfbd4f1 C	55	}
	56	}
	57
	58	sign.update(dataString, 'utf8')
	59
f5028693	60	const myKey = await getMyPrivateCert()
d412e80e	61	return sign.sign(myKey, SIGNATURE_ENCODING)
bdfbd4f1 C	62	}
bdfbd4f1 C	63
6fcd19ba C	64	function comparePassword (plainPassword: string, hashPassword: string) {
6fcd19ba C	65	return bcryptComparePromise(plainPassword, hashPassword)
26d7d31b C	66	}
26d7d31b C	67
f5028693 C	68	async function createCertsIfNotExist () {
	69	const exist = await certsExist()
	70	if (exist === true) {
d412e80e	71	return
f5028693	72	}
9f10b292	73
53abc4c2	74	return createCerts()
9f10b292	75	}
dac0a531	76
f5028693 C	77	async function cryptPassword (password: string) {
	78	const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
	79
53abc4c2	80	return bcryptHashPromise(password, salt)
26d7d31b C	81	}
26d7d31b C	82
6fcd19ba	83	function getMyPrivateCert () {
65fcc311	84	const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
6fcd19ba	85	return readFilePromise(certPath, 'utf8')
15103f11 C	86	}
15103f11 C	87
6fcd19ba	88	function getMyPublicCert () {
65fcc311	89	const certPath = join(CONFIG.STORAGE.CERT_DIR, PUBLIC_CERT_NAME)
6fcd19ba	90	return readFilePromise(certPath, 'utf8')
15103f11 C	91	}
15103f11 C	92
9f10b292	93	// ---------------------------------------------------------------------------
dac0a531	94
65fcc311 C	95	export {
	96	checkSignature,
	97	comparePassword,
	98	createCertsIfNotExist,
	99	cryptPassword,
	100	getMyPrivateCert,
	101	getMyPublicCert,
	102	sign
	103	}
dac0a531	104
9f10b292	105	// ---------------------------------------------------------------------------
dac0a531	106
f5028693	107	async function certsExist () {
65fcc311	108	const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
9f10b292	109
6fcd19ba	110	// If there is an error the certificates do not exist
f5028693 C	111	try {
	112	await accessPromise(certPath)
	113
	114	return true
	115	} catch {
	116	return false
	117	}
6fcd19ba	118	}
0dd079da	119
f5028693 C	120	async function createCerts () {
	121	const exist = await certsExist()
	122	if (exist === true) {
	123	const errorMessage = 'Certs already exist.'
	124	logger.warning(errorMessage)
	125	throw new Error(errorMessage)
	126	}
9f10b292	127
f5028693	128	logger.info('Generating a RSA key...')
e861452f	129
f5028693 C	130	const privateCertPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
	131	const genRsaOptions = {
	132	'out': privateCertPath,
	133	'2048': false
	134	}
	135
	136	await opensslExecPromise('genrsa', genRsaOptions)
	137	logger.info('RSA key generated.')
	138	logger.info('Managing public key...')
	139
	140	const publicCertPath = join(CONFIG.STORAGE.CERT_DIR, 'peertube.pub')
	141	const rsaOptions = {
	142	'in': privateCertPath,
	143	'pubout': true,
	144	'out': publicCertPath
	145	}
	146
	147	await opensslExecPromise('rsa', rsaOptions)
9f10b292	148	}