server/helpers/peertube-crypto.js

   1 'use strict'
   2
   3 const bcrypt = require('bcrypt')
   4 const crypto = require('crypto')
   5 const fs = require('fs')
   6 const openssl = require('openssl-wrapper')
   7 const ursa = require('ursa')
   8
   9 const constants = require('../initializers/constants')
  10 const logger = require('./logger')
  11
  12 const peertubeCrypto = {
  13   checkSignature,
  14   comparePassword,
  15   createCertsIfNotExist,
  16   cryptPassword,
  17   sign
  18 }
  19
  20 function checkSignature (publicKey, rawData, hexSignature) {
  21   const crt = ursa.createPublicKey(publicKey)
  22   const isValid = crt.hashAndVerify('sha256', new Buffer(rawData).toString('hex'), hexSignature, 'hex')
  23   return isValid
  24 }
  25
  26 function comparePassword (plainPassword, hashPassword, callback) {
  27   bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
  28     if (err) return callback(err)
  29
  30     return callback(null, isPasswordMatch)
  31   })
  32 }
  33
  34 function createCertsIfNotExist (callback) {
  35   certsExist(function (exist) {
  36     if (exist === true) {
  37       return callback(null)
  38     }
  39
  40     createCerts(function (err) {
  41       return callback(err)
  42     })
  43   })
  44 }
  45
  46 function cryptPassword (password, callback) {
  47   bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
  48     if (err) return callback(err)
  49
  50     bcrypt.hash(password, salt, function (err, hash) {
  51       return callback(err, hash)
  52     })
  53   })
  54 }
  55
  56 function sign (data) {
  57   const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
  58   const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
  59
  60   return signature
  61 }
  62
  63 // ---------------------------------------------------------------------------
  64
  65 module.exports = peertubeCrypto
  66
  67 // ---------------------------------------------------------------------------
  68
  69 function certsExist (callback) {
  70   fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
  71     return callback(exists)
  72   })
  73 }
  74
  75 function createCerts (callback) {
  76   certsExist(function (exist) {
  77     if (exist === true) {
  78       const string = 'Certs already exist.'
  79       logger.warning(string)
  80       return callback(new Error(string))
  81     }
  82
  83     logger.info('Generating a RSA key...')
  84
  85     let options = {
  86       'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
  87       '2048': false
  88     }
  89     openssl.exec('genrsa', options, function (err) {
  90       if (err) {
  91         logger.error('Cannot create private key on this pod.')
  92         return callback(err)
  93       }
  94       logger.info('RSA key generated.')
  95
  96       options = {
  97         'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
  98         'pubout': true,
  99         'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
 100       }
 101       logger.info('Manage public key...')
 102       openssl.exec('rsa', options, function (err) {
 103         if (err) {
 104           logger.error('Cannot create public key on this pod.')
 105           return callback(err)
 106         }
 107
 108         logger.info('Public key managed.')
 109         return callback(null)
 110       })
 111     })
 112   })
 113 }