[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.ts

import * as jsonld from 'jsonld'
import * as jsig from 'jsonld-signatures'
jsig.use('jsonld', jsonld)

import {
  PRIVATE_RSA_KEY_SIZE,
  BCRYPT_SALT_SIZE
} from '../initializers'
import {
  bcryptComparePromise,
  bcryptGenSaltPromise,
  bcryptHashPromise,
  createPrivateKey,
  getPublicKey
} from './core-utils'
import { logger } from './logger'
import { AccountInstance } from '../models/account/account-interface'

async function createPrivateAndPublicKeys () {
  logger.info('Generating a RSA key...')

  const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
  const { publicKey } = await getPublicKey(key)

  return { privateKey: key, publicKey }
}

function isSignatureVerified (fromAccount: AccountInstance, signedDocument: object) {
  const publicKeyObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    '@id': fromAccount.url,
    '@type':  'CryptographicKey',
    owner: fromAccount.url,
    publicKeyPem: fromAccount.publicKey
  }

  const publicKeyOwnerObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    '@id': fromAccount.url,
    publicKey: [ publicKeyObject ]
  }

  const options = {
    publicKey: publicKeyObject,
    publicKeyOwner: publicKeyOwnerObject
  }

  return jsig.promises.verify(signedDocument, options)
    .catch(err => {
      logger.error('Cannot check signature.', err)
      return false
    })
}

function signObject (byAccount: AccountInstance, data: any) {
  const options = {
    privateKeyPem: byAccount.privateKey,
    creator: byAccount.url
  }

  return jsig.promises.sign(data, options)
}

function comparePassword (plainPassword: string, hashPassword: string) {
  return bcryptComparePromise(plainPassword, hashPassword)
}

async function cryptPassword (password: string) {
  const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)

  return bcryptHashPromise(password, salt)
}

// ---------------------------------------------------------------------------

export {
  isSignatureVerified,
  comparePassword,
  createPrivateAndPublicKeys,
  cryptPassword,
  signObject
}
Commit	Line	Data
efc32059	1	import * as jsonld from 'jsonld'
e4f97bab	2	import * as jsig from 'jsonld-signatures'
efc32059	3	jsig.use('jsonld', jsonld)
65fcc311 C	4
65fcc311 C	5	import {
e4f97bab C	6	PRIVATE_RSA_KEY_SIZE,
e4f97bab C	7	BCRYPT_SALT_SIZE
65fcc311	8	} from '../initializers'
6fcd19ba	9	import {
6fcd19ba C	10	bcryptComparePromise,
	11	bcryptGenSaltPromise,
	12	bcryptHashPromise,
e4f97bab	13	createPrivateKey,
efc32059	14	getPublicKey
6fcd19ba	15	} from './core-utils'
65fcc311	16	import { logger } from './logger'
e4f97bab	17	import { AccountInstance } from '../models/account/account-interface'
9f10b292	18
e4f97bab C	19	async function createPrivateAndPublicKeys () {
e4f97bab C	20	logger.info('Generating a RSA key...')
bdfbd4f1	21
e4f97bab C	22	const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
e4f97bab C	23	const { publicKey } = await getPublicKey(key)
bdfbd4f1	24
e4f97bab	25	return { privateKey: key, publicKey }
9f10b292 C	26	}
9f10b292 C	27
e4f97bab C	28	function isSignatureVerified (fromAccount: AccountInstance, signedDocument: object) {
	29	const publicKeyObject = {
	30	'@context': jsig.SECURITY_CONTEXT_URL,
	31	'@id': fromAccount.url,
	32	'@type': 'CryptographicKey',
	33	owner: fromAccount.url,
	34	publicKeyPem: fromAccount.publicKey
bdfbd4f1 C	35	}
bdfbd4f1 C	36
e4f97bab C	37	const publicKeyOwnerObject = {
	38	'@context': jsig.SECURITY_CONTEXT_URL,
	39	'@id': fromAccount.url,
	40	publicKey: [ publicKeyObject ]
	41	}
bdfbd4f1	42
e4f97bab C	43	const options = {
	44	publicKey: publicKeyObject,
	45	publicKeyOwner: publicKeyOwnerObject
	46	}
bdfbd4f1	47
efc32059	48	return jsig.promises.verify(signedDocument, options)
e4f97bab C	49	.catch(err => {
	50	logger.error('Cannot check signature.', err)
	51	return false
	52	})
26d7d31b C	53	}
26d7d31b C	54
e4f97bab C	55	function signObject (byAccount: AccountInstance, data: any) {
	56	const options = {
	57	privateKeyPem: byAccount.privateKey,
	58	creator: byAccount.url
f5028693	59	}
9f10b292	60
efc32059	61	return jsig.promises.sign(data, options)
e4f97bab C	62	}
	63
	64	function comparePassword (plainPassword: string, hashPassword: string) {
	65	return bcryptComparePromise(plainPassword, hashPassword)
9f10b292	66	}
dac0a531	67
f5028693 C	68	async function cryptPassword (password: string) {
	69	const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
	70
53abc4c2	71	return bcryptHashPromise(password, salt)
26d7d31b C	72	}
26d7d31b C	73
9f10b292	74	// ---------------------------------------------------------------------------
dac0a531	75
65fcc311	76	export {
e4f97bab	77	isSignatureVerified,
65fcc311	78	comparePassword,
e4f97bab	79	createPrivateAndPublicKeys,
65fcc311	80	cryptPassword,
e4f97bab	81	signObject
9f10b292	82	}