[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.js

'use strict'

const bcrypt = require('bcrypt')
const fs = require('fs')
const openssl = require('openssl-wrapper')
const ursa = require('ursa')

const constants = require('../initializers/constants')
const logger = require('./logger')

const peertubeCrypto = {
  checkSignature,
  comparePassword,
  createCertsIfNotExist,
  cryptPassword,
  sign
}

function checkSignature (publicKey, rawData, hexSignature) {
  const crt = ursa.createPublicKey(publicKey)
  const isValid = crt.hashAndVerify('sha256', new Buffer(rawData).toString('hex'), hexSignature, 'hex')
  return isValid
}

function comparePassword (plainPassword, hashPassword, callback) {
  bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
    if (err) return callback(err)

    return callback(null, isPasswordMatch)
  })
}

function createCertsIfNotExist (callback) {
  certsExist(function (exist) {
    if (exist === true) {
      return callback(null)
    }

    createCerts(function (err) {
      return callback(err)
    })
  })
}

function cryptPassword (password, callback) {
  bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
    if (err) return callback(err)

    bcrypt.hash(password, salt, function (err, hash) {
      return callback(err, hash)
    })
  })
}

function sign (data) {
  const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
  const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')

  return signature
}

// ---------------------------------------------------------------------------

module.exports = peertubeCrypto

// ---------------------------------------------------------------------------

function certsExist (callback) {
  fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
    return callback(exists)
  })
}

function createCerts (callback) {
  certsExist(function (exist) {
    if (exist === true) {
      const string = 'Certs already exist.'
      logger.warning(string)
      return callback(new Error(string))
    }

    logger.info('Generating a RSA key...')

    let options = {
      'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
      '2048': false
    }
    openssl.exec('genrsa', options, function (err) {
      if (err) {
        logger.error('Cannot create private key on this pod.')
        return callback(err)
      }
      logger.info('RSA key generated.')

      options = {
        'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
        'pubout': true,
        'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
      }
      logger.info('Manage public key...')
      openssl.exec('rsa', options, function (err) {
        if (err) {
          logger.error('Cannot create public key on this pod.')
          return callback(err)
        }

        logger.info('Public key managed.')
        return callback(null)
      })
    })
  })
}
Commit	Line	Data
	1	'use strict'
	2
	3	const bcrypt = require('bcrypt')
	4	const fs = require('fs')
	5	const openssl = require('openssl-wrapper')
	6	const ursa = require('ursa')
	7
	8	const constants = require('../initializers/constants')
	9	const logger = require('./logger')
	10
	11	const peertubeCrypto = {
	12	checkSignature,
	13	comparePassword,
	14	createCertsIfNotExist,
	15	cryptPassword,
	16	sign
	17	}
	18
	19	function checkSignature (publicKey, rawData, hexSignature) {
	20	const crt = ursa.createPublicKey(publicKey)
	21	const isValid = crt.hashAndVerify('sha256', new Buffer(rawData).toString('hex'), hexSignature, 'hex')
	22	return isValid
	23	}
	24
	25	function comparePassword (plainPassword, hashPassword, callback) {
	26	bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
	27	if (err) return callback(err)
	28
	29	return callback(null, isPasswordMatch)
	30	})
	31	}
	32
	33	function createCertsIfNotExist (callback) {
	34	certsExist(function (exist) {
	35	if (exist === true) {
	36	return callback(null)
	37	}
	38
	39	createCerts(function (err) {
	40	return callback(err)
	41	})
	42	})
	43	}
	44
	45	function cryptPassword (password, callback) {
	46	bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
	47	if (err) return callback(err)
	48
	49	bcrypt.hash(password, salt, function (err, hash) {
	50	return callback(err, hash)
	51	})
	52	})
	53	}
	54
	55	function sign (data) {
	56	const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
	57	const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
	58
	59	return signature
	60	}
	61
	62	// ---------------------------------------------------------------------------
	63
	64	module.exports = peertubeCrypto
	65
	66	// ---------------------------------------------------------------------------
	67
	68	function certsExist (callback) {
	69	fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
	70	return callback(exists)
	71	})
	72	}
	73
	74	function createCerts (callback) {
	75	certsExist(function (exist) {
	76	if (exist === true) {
	77	const string = 'Certs already exist.'
	78	logger.warning(string)
	79	return callback(new Error(string))
	80	}
	81
	82	logger.info('Generating a RSA key...')
	83
	84	let options = {
	85	'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
	86	'2048': false
	87	}
	88	openssl.exec('genrsa', options, function (err) {
	89	if (err) {
	90	logger.error('Cannot create private key on this pod.')
	91	return callback(err)
	92	}
	93	logger.info('RSA key generated.')
	94
	95	options = {
	96	'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
	97	'pubout': true,
	98	'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
	99	}
	100	logger.info('Manage public key...')
	101	openssl.exec('rsa', options, function (err) {
	102	if (err) {
	103	logger.error('Cannot create public key on this pod.')
	104	return callback(err)
	105	}
	106
	107	logger.info('Public key managed.')
	108	return callback(null)
	109	})
	110	})
	111	})
	112	}