git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/helpers/peertube-crypto.js
3 const crypto
= require('crypto')
4 const bcrypt
= require('bcrypt')
5 const fs
= require('fs')
6 const openssl
= require('openssl-wrapper')
7 const pathUtils
= require('path')
9 const constants
= require('../initializers/constants')
10 const logger
= require('./logger')
// Export table for this module: the object built here is what
// `module.exports = peertubeCrypto` publishes further down the file.
12 const peertubeCrypto
= {
15 createCertsIfNotExist
,
/**
 * Verify a signature over `data` with the sender's public key.
 *
 * The verifier is created with constants.SIGNATURE_ALGORITHM, fed the data
 * as a UTF-8 string, and asked to check `hexSignature` decoded with
 * constants.SIGNATURE_ENCODING.
 *
 * @param publicKey    key handed to verify.verify()
 * @param data         a string, or a value that is passed to JSON.stringify
 * @param hexSignature signature text in constants.SIGNATURE_ENCODING
 *
 * NOTE(review): the signature covers the exact serialized string. For
 * non-string data that is JSON.stringify output, so signer and verifier must
 * produce the same key order and formatting or a genuine signature fails.
 * NOTE(review): the return statements are not part of this listing. Confirm
 * that the logger.error path rejects the signature, and that callers accept
 * only a strict `true`.
 */
22 function checkSignature (publicKey
, data
, hexSignature
) {
23 const verify
= crypto
.createVerify(constants
.SIGNATURE_ALGORITHM
)
26 if (typeof data
=== 'string') {
// Non-string payloads are serialized before they are verified.
30 dataString
= JSON
.stringify(data
)
// `err` is presumably bound by a catch around the stringify call (TODO confirm).
32 logger
.error('Cannot check signature.', { error: err
})
37 verify
.update(dataString
, 'utf8')
39 const isValid
= verify
.verify(publicKey
, hexSignature
, constants
.SIGNATURE_ENCODING
)
/**
 * Sign `data` with this instance's private key.
 *
 * The data is serialized the same way checkSignature() does it (strings as
 * is, anything else through JSON.stringify), hashed and signed with
 * constants.SIGNATURE_ALGORITHM, and the signature is produced in
 * constants.SIGNATURE_ENCODING.
 *
 * @param data a string, or a value that is passed to JSON.stringify
 *
 * NOTE(review): the local `const sign` shadows this function's own name
 * inside the body.
 * NOTE(review): the private key is read from disk with fs.readFileSync on
 * every call, which blocks the event loop. No error handling for a missing
 * or unreadable key file is visible in this listing.
 * NOTE(review): the return statements are not part of this listing. Confirm
 * what callers receive when serialization fails, so that an empty or
 * placeholder value is never sent as if it were a signature.
 */
43 function sign (data
) {
44 const sign
= crypto
.createSign(constants
.SIGNATURE_ALGORITHM
)
47 if (typeof data
=== 'string') {
51 dataString
= JSON
.stringify(data
)
// `err` is presumably bound by a catch around the stringify call (TODO confirm).
53 logger
.error('Cannot sign data.', { error: err
})
58 sign
.update(dataString
, 'utf8')
// The private key is loaded from CERT_DIR/PRIVATE_CERT_NAME and lives in
// `myKey` only for the duration of this call.
61 const certPath
= pathUtils
.join(constants
.CONFIG
.STORAGE
.CERT_DIR
, constants
.PRIVATE_CERT_NAME
)
62 const myKey
= fs
.readFileSync(certPath
)
63 const signature
= sign
.sign(myKey
, constants
.SIGNATURE_ENCODING
)
/**
 * Check a plain-text password against a stored bcrypt hash.
 *
 * bcrypt.compare() re-derives the hash from the salt and cost embedded in
 * `hashPassword`, so the two values must never be compared as plain strings.
 *
 * @param {string} plainPassword - password supplied by the user
 * @param {string} hashPassword - bcrypt hash to check it against
 * @param {function} callback - called with (err) on failure, otherwise with
 *   (null, isPasswordMatch)
 */
function comparePassword (plainPassword, hashPassword, callback) {
  const onCompared = (compareError, matches) => {
    if (compareError) {
      return callback(compareError)
    }

    return callback(null, matches)
  }

  bcrypt.compare(plainPassword, hashPassword, onCompared)
}
/**
 * Make sure this pod has its key pair, generating it when needed.
 *
 * Calls certsExist(), forwards its error to `callback`, and calls
 * createCerts().
 *
 * @param callback node-style callback, receives (err) on failure
 *
 * NOTE(review): the lines between the error check and the createCerts() call
 * are not part of this listing. Presumably creation is skipped when `exist`
 * is true (TODO confirm). createCerts() itself returns an Error when the
 * private key is already present.
 */
76 function createCertsIfNotExist (callback
) {
77 certsExist(function (err
, exist
) {
78 if (err
) return callback(err
)
84 createCerts(function (err
) {
/**
 * Hash a password with bcrypt using a freshly generated salt.
 *
 * constants.BCRYPT_SALT_SIZE is passed as the first argument of
 * bcrypt.genSalt(), which bcrypt treats as the cost factor (number of
 * rounds, log2), not as a salt length in bytes.
 *
 * @param {string} password - plain-text password to hash
 * @param {function} callback - called with (err) when salt generation fails,
 *   otherwise with the (err, hash) pair reported by bcrypt.hash()
 */
function cryptPassword (password, callback) {
  const hashWithSalt = (saltError, salt) => {
    if (saltError) {
      return callback(saltError)
    }

    // The salt and cost are embedded in the resulting hash string, so only
    // the hash needs to be stored.
    bcrypt.hash(password, salt, (hashError, hash) => callback(hashError, hash))
  }

  bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, hashWithSalt)
}
/**
 * Read this instance's private key file as UTF-8 text.
 *
 * The value handed to `callback` is secret key material: keep it out of
 * logs, error messages and API responses.
 *
 * @param {function} callback - fs.readFile callback, receives (err, contents)
 */
function getMyPrivateCert (callback) {
  const certDir = constants.CONFIG.STORAGE.CERT_DIR
  const privateKeyPath = pathUtils.join(certDir, constants.PRIVATE_CERT_NAME)

  fs.readFile(privateKeyPath, 'utf8', callback)
}
/**
 * Read this instance's public key file as UTF-8 text.
 *
 * The file name comes from constants.PUBLIC_CERT_NAME.
 *
 * @param {function} callback - fs.readFile callback, receives (err, contents)
 */
function getMyPublicCert (callback) {
  const certDir = constants.CONFIG.STORAGE.CERT_DIR
  const publicKeyPath = pathUtils.join(certDir, constants.PUBLIC_CERT_NAME)

  fs.readFile(publicKeyPath, 'utf8', callback)
}
// ---------------------------------------------------------------------------

// Publish the helper table as this module's interface.
module.exports = peertubeCrypto

// ---------------------------------------------------------------------------
/**
 * Report whether this pod's private key file can be accessed.
 *
 * Probes CERT_DIR/PRIVATE_CERT_NAME with fs.access() and calls
 * callback(null, exists). The error slot is always null in the visible
 * return.
 *
 * @param callback receives (null, exists)
 *
 * NOTE(review): only the private key path is probed. A missing public key
 * file next to an existing private key still counts as "certs exist".
 * NOTE(review): per the comment below, any fs.access() error is read as
 * "does not exist". That presumably includes a permission error on an
 * existing key file (TODO confirm; the line that sets `exists` is not part
 * of this listing).
 */
116 function certsExist (callback
) {
117 const certPath
= pathUtils
.join(constants
.CONFIG
.STORAGE
.CERT_DIR
, constants
.PRIVATE_CERT_NAME
)
118 fs
.access(certPath
, function (err
) {
119 // If there is an error the certificates do not exist
121 return callback(null, exists
)
/**
 * Generate this pod's RSA key pair with the openssl wrapper.
 *
 * Steps visible in this listing:
 *   1. certsExist() is checked again. If the private key is already there,
 *      a warning is logged and callback receives Error('Certs already exist.'),
 *      so an existing key is not overwritten on this path.
 *   2. `openssl genrsa` writes the private key to CERT_DIR/PRIVATE_CERT_NAME.
 *   3. `openssl rsa` reads that private key and writes the public key to
 *      CERT_DIR/'peertube.pub'.
 *
 * @param callback node-style callback, called with (null) on success
 *
 * NOTE(review): the public key path uses the literal 'peertube.pub', while
 * getMyPublicCert() reads constants.PUBLIC_CERT_NAME. If the constant has any
 * other value, the generated file is never found. Use the constant here too.
 * NOTE(review): the remaining genrsa/rsa options are not part of this
 * listing. Confirm the RSA modulus size passed to genrsa, and that the
 * private key file ends up readable only by the service account (mode 0600).
 * NOTE(review): there is a window between the existence check and key
 * generation, so two concurrent callers could both reach genrsa.
 */
125 function createCerts (callback
) {
126 certsExist(function (err
, exist
) {
127 if (err
) return callback(err
)
129 if (exist
=== true) {
130 const string
= 'Certs already exist.'
131 logger
.warning(string
)
132 return callback(new Error(string
))
135 logger
.info('Generating a RSA key...')
137 const privateCertPath
= pathUtils
.join(constants
.CONFIG
.STORAGE
.CERT_DIR
, constants
.PRIVATE_CERT_NAME
)
138 const genRsaOptions
= {
139 'out': privateCertPath
,
142 openssl
.exec('genrsa', genRsaOptions
, function (err
) {
144 logger
.error('Cannot create private key on this pod.')
148 logger
.info('RSA key generated.')
149 logger
.info('Managing public key...')
// Hard-coded file name: see the note above about constants.PUBLIC_CERT_NAME.
151 const publicCertPath
= pathUtils
.join(constants
.CONFIG
.STORAGE
.CERT_DIR
, 'peertube.pub')
153 'in': privateCertPath
,
155 'out': publicCertPath
157 openssl
.exec('rsa', rsaOptions
, function (err
) {
159 logger
.error('Cannot create public key on this pod.')
163 logger
.info('Public key managed.')
164 return callback(null)