server/helpers/peertube-crypto.js

   1 'use strict'
   2
   3 const bcrypt = require('bcrypt')
   4 const fs = require('fs')
   5 const openssl = require('openssl-wrapper')
   6 const ursa = require('ursa')
   7
   8 const constants = require('../initializers/constants')
   9 const logger = require('./logger')
  10
  11 const peertubeCrypto = {
  12   checkSignature,
  13   comparePassword,
  14   createCertsIfNotExist,
  15   cryptPassword,
  16   sign
  17 }
  18
  19 function checkSignature (publicKey, rawData, hexSignature) {
  20   const crt = ursa.createPublicKey(publicKey)
  21   const isValid = crt.hashAndVerify('sha256', new Buffer(rawData).toString('hex'), hexSignature, 'hex')
  22   return isValid
  23 }
  24
  25 function comparePassword (plainPassword, hashPassword, callback) {
  26   bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
  27     if (err) return callback(err)
  28
  29     return callback(null, isPasswordMatch)
  30   })
  31 }
  32
  33 function createCertsIfNotExist (callback) {
  34   certsExist(function (exist) {
  35     if (exist === true) {
  36       return callback(null)
  37     }
  38
  39     createCerts(function (err) {
  40       return callback(err)
  41     })
  42   })
  43 }
  44
  45 function cryptPassword (password, callback) {
  46   bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
  47     if (err) return callback(err)
  48
  49     bcrypt.hash(password, salt, function (err, hash) {
  50       return callback(err, hash)
  51     })
  52   })
  53 }
  54
  55 function sign (data) {
  56   const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
  57   const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
  58
  59   return signature
  60 }
  61
  62 // ---------------------------------------------------------------------------
  63
  64 module.exports = peertubeCrypto
  65
  66 // ---------------------------------------------------------------------------
  67
  68 function certsExist (callback) {
  69   fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
  70     return callback(exists)
  71   })
  72 }
  73
  74 function createCerts (callback) {
  75   certsExist(function (exist) {
  76     if (exist === true) {
  77       const string = 'Certs already exist.'
  78       logger.warning(string)
  79       return callback(new Error(string))
  80     }
  81
  82     logger.info('Generating a RSA key...')
  83
  84     let options = {
  85       'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
  86       '2048': false
  87     }
  88     openssl.exec('genrsa', options, function (err) {
  89       if (err) {
  90         logger.error('Cannot create private key on this pod.')
  91         return callback(err)
  92       }
  93       logger.info('RSA key generated.')
  94
  95       options = {
  96         'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
  97         'pubout': true,
  98         'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
  99       }
 100       logger.info('Manage public key...')
 101       openssl.exec('rsa', options, function (err) {
 102         if (err) {
 103           logger.error('Cannot create public key on this pod.')
 104           return callback(err)
 105         }
 106
 107         logger.info('Public key managed.')
 108         return callback(null)
 109       })
 110     })
 111   })
 112 }