]>
Commit | Line | Data |
---|---|---|
4d4e5cd4 | 1 | import * as crypto from 'crypto' |
65fcc311 C |
2 | import { join } from 'path' |
3 | ||
4 | import { | |
5 | SIGNATURE_ALGORITHM, | |
6 | SIGNATURE_ENCODING, | |
7 | PRIVATE_CERT_NAME, | |
8 | CONFIG, | |
9 | BCRYPT_SALT_SIZE, | |
10 | PUBLIC_CERT_NAME | |
11 | } from '../initializers' | |
6fcd19ba C |
12 | import { |
13 | readFilePromise, | |
14 | bcryptComparePromise, | |
15 | bcryptGenSaltPromise, | |
16 | bcryptHashPromise, | |
17 | accessPromise, | |
18 | opensslExecPromise | |
19 | } from './core-utils' | |
65fcc311 | 20 | import { logger } from './logger' |
9f10b292 | 21 | |
69818c93 | 22 | function checkSignature (publicKey: string, data: string, hexSignature: string) { |
65fcc311 | 23 | const verify = crypto.createVerify(SIGNATURE_ALGORITHM) |
bdfbd4f1 C |
24 | |
25 | let dataString | |
26 | if (typeof data === 'string') { | |
27 | dataString = data | |
28 | } else { | |
29 | try { | |
30 | dataString = JSON.stringify(data) | |
31 | } catch (err) { | |
ad0997ad | 32 | logger.error('Cannot check signature.', err) |
bdfbd4f1 C |
33 | return false |
34 | } | |
35 | } | |
36 | ||
37 | verify.update(dataString, 'utf8') | |
38 | ||
65fcc311 | 39 | const isValid = verify.verify(publicKey, hexSignature, SIGNATURE_ENCODING) |
bc503c2a | 40 | return isValid |
9f10b292 C |
41 | } |
42 | ||
f5028693 | 43 | async function sign (data: string|Object) { |
65fcc311 | 44 | const sign = crypto.createSign(SIGNATURE_ALGORITHM) |
bdfbd4f1 | 45 | |
69818c93 | 46 | let dataString: string |
bdfbd4f1 C |
47 | if (typeof data === 'string') { |
48 | dataString = data | |
49 | } else { | |
50 | try { | |
51 | dataString = JSON.stringify(data) | |
52 | } catch (err) { | |
ad0997ad | 53 | logger.error('Cannot sign data.', err) |
f5028693 | 54 | return '' |
bdfbd4f1 C |
55 | } |
56 | } | |
57 | ||
58 | sign.update(dataString, 'utf8') | |
59 | ||
f5028693 C |
60 | const myKey = await getMyPrivateCert() |
61 | return await sign.sign(myKey, SIGNATURE_ENCODING) | |
bdfbd4f1 C |
62 | } |
63 | ||
6fcd19ba C |
64 | function comparePassword (plainPassword: string, hashPassword: string) { |
65 | return bcryptComparePromise(plainPassword, hashPassword) | |
26d7d31b C |
66 | } |
67 | ||
f5028693 C |
68 | async function createCertsIfNotExist () { |
69 | const exist = await certsExist() | |
70 | if (exist === true) { | |
71 | return undefined | |
72 | } | |
9f10b292 | 73 | |
f5028693 | 74 | return await createCerts() |
9f10b292 | 75 | } |
dac0a531 | 76 | |
f5028693 C |
77 | async function cryptPassword (password: string) { |
78 | const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE) | |
79 | ||
80 | return await bcryptHashPromise(password, salt) | |
26d7d31b C |
81 | } |
82 | ||
6fcd19ba | 83 | function getMyPrivateCert () { |
65fcc311 | 84 | const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME) |
6fcd19ba | 85 | return readFilePromise(certPath, 'utf8') |
15103f11 C |
86 | } |
87 | ||
6fcd19ba | 88 | function getMyPublicCert () { |
65fcc311 | 89 | const certPath = join(CONFIG.STORAGE.CERT_DIR, PUBLIC_CERT_NAME) |
6fcd19ba | 90 | return readFilePromise(certPath, 'utf8') |
15103f11 C |
91 | } |
92 | ||
9f10b292 | 93 | // --------------------------------------------------------------------------- |
dac0a531 | 94 | |
65fcc311 C |
95 | export { |
96 | checkSignature, | |
97 | comparePassword, | |
98 | createCertsIfNotExist, | |
99 | cryptPassword, | |
100 | getMyPrivateCert, | |
101 | getMyPublicCert, | |
102 | sign | |
103 | } | |
dac0a531 | 104 | |
9f10b292 | 105 | // --------------------------------------------------------------------------- |
dac0a531 | 106 | |
f5028693 | 107 | async function certsExist () { |
65fcc311 | 108 | const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME) |
9f10b292 | 109 | |
6fcd19ba | 110 | // If there is an error the certificates do not exist |
f5028693 C |
111 | try { |
112 | await accessPromise(certPath) | |
113 | ||
114 | return true | |
115 | } catch { | |
116 | return false | |
117 | } | |
6fcd19ba | 118 | } |
0dd079da | 119 | |
f5028693 C |
120 | async function createCerts () { |
121 | const exist = await certsExist() | |
122 | if (exist === true) { | |
123 | const errorMessage = 'Certs already exist.' | |
124 | logger.warning(errorMessage) | |
125 | throw new Error(errorMessage) | |
126 | } | |
9f10b292 | 127 | |
f5028693 | 128 | logger.info('Generating a RSA key...') |
e861452f | 129 | |
f5028693 C |
130 | const privateCertPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME) |
131 | const genRsaOptions = { | |
132 | 'out': privateCertPath, | |
133 | '2048': false | |
134 | } | |
135 | ||
136 | await opensslExecPromise('genrsa', genRsaOptions) | |
137 | logger.info('RSA key generated.') | |
138 | logger.info('Managing public key...') | |
139 | ||
140 | const publicCertPath = join(CONFIG.STORAGE.CERT_DIR, 'peertube.pub') | |
141 | const rsaOptions = { | |
142 | 'in': privateCertPath, | |
143 | 'pubout': true, | |
144 | 'out': publicCertPath | |
145 | } | |
146 | ||
147 | await opensslExecPromise('rsa', rsaOptions) | |
9f10b292 | 148 | } |