Use RsaSignature2017
[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.ts
1 import { BCRYPT_SALT_SIZE, PRIVATE_RSA_KEY_SIZE } from '../initializers'
2 import { ActorModel } from '../models/activitypub/actor'
3 import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils'
4 import { jsig } from './custom-jsonld-signature'
5 import { logger } from './logger'
6
/**
 * Generate a new RSA key pair.
 *
 * The private key is created with the size configured in PRIVATE_RSA_KEY_SIZE,
 * and the public key is then derived from that private key.
 *
 * @returns an object with `privateKey` and `publicKey`, in whatever format the
 * core-utils helpers produce (presumably PEM; confirm against core-utils)
 */
async function createPrivateAndPublicKeys () {
  logger.info('Generating a RSA key...')

  const generated = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
  const privateKey = generated.key

  const derived = await getPublicKey(privateKey)

  // The private half leaves this function in clear: callers own its storage and
  // must keep it out of logs and API responses.
  return { privateKey, publicKey: derived.publicKey }
}
15
/**
 * Check the linked-data signature of `signedDocument` against the key stored for `fromActor`.
 *
 * The key and owner descriptions handed to the verifier are built locally from
 * the actor record (`fromActor.url`, `fromActor.publicKey`), so the result is only
 * as trustworthy as that record.
 *
 * Fails closed: if verification rejects, the error is logged and `false` is returned.
 *
 * NOTE(review): whether the `creator` named inside the document's signature is
 * compared with `fromActor.url` depends on the jsig implementation, which is not
 * visible here. Confirm, because a document signed by one actor must not be
 * accepted on behalf of another.
 *
 * @param fromActor actor the document claims to come from
 * @param signedDocument JSON-LD document carrying the signature
 * @returns a promise of the verifier's result, or `false` when verification errored
 */
function isSignatureVerified (fromActor: ActorModel, signedDocument: object) {
  const actorUrl = fromActor.url

  // The key is declared as owned by the actor itself.
  const keyDescription = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    '@id': actorUrl,
    '@type': 'CryptographicKey',
    owner: actorUrl,
    publicKeyPem: fromActor.publicKey
  }

  // The owner document lists that single key.
  const ownerDescription = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    '@id': actorUrl,
    publicKey: [ keyDescription ]
  }

  const verification = jsig.promises.verify(signedDocument, {
    publicKey: keyDescription,
    publicKeyOwner: ownerDescription
  })

  return verification.catch(err => {
    // Any failure inside the verifier is treated as "not verified".
    logger.error('Cannot check signature.', err)
    return false
  })
}
42
/**
 * Sign `data` with the private key of `byActor` using the RsaSignature2017 suite.
 *
 * The actor URL is recorded as the signature's creator, which is what a remote
 * verifier would use to look up the matching public key.
 *
 * @param byActor local actor whose `privateKey` and `url` are used
 * @param data document to sign; not validated here
 * @returns whatever `jsig.promises.sign` resolves to (presumably the signed document; confirm)
 */
function signObject (byActor: ActorModel, data: any) {
  // Carries the private key: this object must never be logged or serialized.
  const signingOptions = {
    privateKeyPem: byActor.privateKey,
    creator: byActor.url,
    algorithm: 'RsaSignature2017'
  }

  const signed = jsig.promises.sign(data, signingOptions)
  return signed
}
52
/**
 * Compare a clear-text password with a stored bcrypt hash.
 *
 * The comparison is delegated to `bcryptComparePromise`; nothing is compared or
 * logged here.
 *
 * NOTE(review): bcrypt implementations commonly ignore input beyond 72 bytes.
 * Confirm whether a length limit is enforced upstream.
 *
 * @param plainPassword password as submitted by the user
 * @param hashPassword stored hash to compare against
 * @returns the promise produced by `bcryptComparePromise`
 */
function comparePassword (plainPassword: string, hashPassword: string) {
  const comparison = bcryptComparePromise(plainPassword, hashPassword)

  return comparison
}
56
/**
 * Hash a password with bcrypt using a freshly generated salt.
 *
 * NOTE(review): if `bcryptGenSaltPromise` wraps bcrypt's `genSalt`, its argument
 * is the cost factor (log2 of the rounds), not a salt length, despite the name
 * BCRYPT_SALT_SIZE. Confirm the configured value is an adequate work factor.
 *
 * @param password clear-text password; never logged here
 * @returns the hash produced by `bcryptHashPromise`
 */
async function cryptPassword (password: string) {
  const freshSalt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
  const hashing = bcryptHashPromise(password, freshSalt)

  return hashing
}
62
63 // ---------------------------------------------------------------------------
64
65 export {
66 isSignatureVerified,
67 comparePassword,
68 createPrivateAndPublicKeys,
69 cryptPassword,
70 signObject
71 }