1 | import { Request } from 'express' |
2 | import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers' | |
50d6de9c | 3 | import { ActorModel } from '../models/activitypub/actor' |
8d468a16 | 4 | import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils' |
9a27cdc2 | 5 | import { jsig } from './custom-jsonld-signature' |
8d468a16 | 6 | import { logger } from './logger' |
9f10b292 | 7 | |
// http-signature is loaded with require() rather than an ES import.
// NOTE(review): presumably because no type declarations are available for it — confirm.
const httpSignature = require('http-signature')

/**
 * Generates a fresh RSA key pair of PRIVATE_RSA_KEY_SIZE bits for an actor.
 *
 * The public key is derived from the freshly created private key, so the two
 * returned values always belong together.
 *
 * @returns an object holding the private key and its matching public key
 */
async function createPrivateAndPublicKeys () {
  logger.info('Generating a RSA key...')

  const privateKeyResult = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
  const privateKey = privateKeyResult.key

  const publicKeyResult = await getPublicKey(privateKey)

  return { privateKey, publicKey: publicKeyResult.publicKey }
}

// User password checks

/**
 * Checks a clear-text password against the bcrypt hash stored for an account.
 *
 * @param plainPassword password as supplied by the user
 * @param hashPassword bcrypt hash kept in the database
 * @returns the result of bcryptComparePromise (a promise of whether they match)
 */
function comparePassword (plainPassword: string, hashPassword: string) {
  const comparison = bcryptComparePromise(plainPassword, hashPassword)
  return comparison
}

/**
 * Hashes a clear-text password with bcrypt.
 *
 * A new salt is generated for every call (sized by BCRYPT_SALT_SIZE from the
 * initializers), so two hashes of the same password differ.
 *
 * @param password clear-text password to hash
 * @returns promise resolving to the bcrypt hash (salt included in the hash string)
 */
async function cryptPassword (password: string) {
  const generatedSalt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
  const hashed = await bcryptHashPromise(password, generatedSalt)

  return hashed
}

// HTTP Signature

/**
 * Verifies a parsed HTTP signature against an actor's public key.
 *
 * Selecting the right actor from the signature's keyId is the caller's job;
 * this function only proves that the signature was produced by the key held
 * in `actor.publicKey`. The strict `=== true` comparison makes sure that only
 * an explicit boolean success from http-signature counts as verified.
 *
 * @param httpSignatureParsed result of parseHTTPSignature()
 * @param actor actor whose public key must validate the signature
 * @returns true when the signature is valid, false otherwise
 */
function isHTTPSignatureVerified (httpSignatureParsed: any, actor: ActorModel) {
  const verificationResult = httpSignature.verifySignature(httpSignatureParsed, actor.publicKey)

  return verificationResult === true
}

/**
 * Parses the HTTP signature carried by an incoming request.
 *
 * The signature is read from the header named by HTTP_SIGNATURE.HEADER_NAME.
 * Parsing does no verification: pass the result to isHTTPSignatureVerified()
 * together with the actor resolved from it.
 *
 * @param req incoming Express request
 * @returns the parsed signature as returned by http-signature
 */
function parseHTTPSignature (req: Request) {
  const parseOptions = { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME }

  return httpSignature.parse(req, parseOptions)
}

// JSONLD

/**
 * Checks the Linked Data signature of a document against the public key of
 * the actor it is expected to come from.
 *
 * The key and key-owner descriptions handed to jsonld-signatures are built from
 * the actor's stored key (NOTE(review): presumably so the library does not have
 * to resolve the key remotely — confirm). Any failure, whether a negative
 * verification result or a thrown/rejected error, is logged and reported as
 * false.
 *
 * @param fromActor actor whose public key must validate the signature
 * @param signedDocument JSON-LD document carrying the signature
 * @returns promise resolving to true only when verification succeeds
 */
function isJsonLDSignatureVerified (fromActor: ActorModel, signedDocument: any) {
  const keyDescription = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    id: fromActor.url,
    type: 'CryptographicKey',
    owner: fromActor.url,
    publicKeyPem: fromActor.publicKey
  }

  const keyOwnerDescription = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    id: fromActor.url,
    publicKey: [ keyDescription ]
  }

  const verifyOptions = {
    publicKey: keyDescription,
    publicKeyOwner: keyOwnerDescription
  }

  const onVerified = (result: { verified: boolean }) => result.verified
  const onFailure = (err: unknown) => {
    logger.error('Cannot check signature.', { err })
    return false
  }

  return jsig.promises
    .verify(signedDocument, verifyOptions)
    .then(onVerified)
    .catch(onFailure)
}

/**
 * Signs a JSON-LD document with the actor's private key.
 *
 * Uses the RsaSignature2017 algorithm and records the actor URL as the
 * signature's creator, which is what remote instances use to locate the key.
 *
 * @param byActor actor whose private key signs the document
 * @param data JSON-LD document to sign
 * @returns the promise returned by jsig.promises.sign (presumably the signed document)
 */
function signJsonLDObject (byActor: ActorModel, data: any) {
  const signOptions = {
    privateKeyPem: byActor.privateKey,
    creator: byActor.url,
    algorithm: 'RsaSignature2017'
  }

  const signed = jsig.promises.sign(data, signOptions)

  return signed
}

// ---------------------------------------------------------------------------

// Public surface, grouped by concern: key generation, passwords, HTTP
// signatures, JSON-LD signatures.
export {
  createPrivateAndPublicKeys,
  comparePassword,
  cryptPassword,
  parseHTTPSignature,
  isHTTPSignatureVerified,
  isJsonLDSignatureVerified,
  signJsonLDObject
}