[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.ts
1 import { Request } from 'express'
2 import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers'
3 import { ActorModel } from '../models/activitypub/actor'
4 import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils'
5 import { jsig } from './custom-jsonld-signature'
6 import { logger } from './logger'
7
8 const httpSignature = require('http-signature')
9
// Generates a fresh RSA key pair for an actor.
// The private key is created with PRIVATE_RSA_KEY_SIZE, then the public key is
// derived from it. Resolves with { privateKey, publicKey }.
// NOTE(review): the returned privateKey is secret material; callers should
// persist it without logging it or serializing it into API responses.
async function createPrivateAndPublicKeys () {
  logger.info('Generating a RSA key...')

  const generated = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
  const derived = await getPublicKey(generated.key)

  return { privateKey: generated.key, publicKey: derived.publicKey }
}
18
19 // User password checks
20
// Checks a plaintext password against a stored bcrypt hash.
// Argument order matters: plaintext first, stored hash second.
// Returns whatever promise bcryptComparePromise produces
// (presumably resolving to a boolean; verify in core-utils).
function comparePassword (plainPassword: string, hashPassword: string) {
  const comparison = bcryptComparePromise(plainPassword, hashPassword)

  return comparison
}
24
// Hashes a user password: a salt is generated first, then the password is
// hashed with it. Resolves with the result of bcryptHashPromise.
// NOTE(review): BCRYPT_SALT_SIZE is handed straight to bcryptGenSaltPromise.
// If that helper wraps bcrypt's genSalt, the value acts as the cost factor
// (rounds) rather than a salt length, so confirm the constant is chosen as a
// work factor.
async function cryptPassword (password: string) {
  const generatedSalt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
  const hashed = bcryptHashPromise(password, generatedSalt)

  return hashed
}
30
31 // HTTP Signature
32
// Verifies an already-parsed HTTP signature against the public key stored on
// the given actor (the key is never taken from the request itself).
// Only a strict boolean `true` from verifySignature counts as verified; any
// other return value is reported as false.
function isHTTPSignatureVerified (httpSignatureParsed: any, actor: ActorModel) {
  const outcome = httpSignature.verifySignature(httpSignatureParsed, actor.publicKey)

  return outcome === true
}
36
// Parses the HTTP signature carried by the request, reading it from the header
// named by HTTP_SIGNATURE.HEADER_NAME.
// NOTE(review): only authorizationHeaderName is supplied, so which headers the
// signature must cover and the accepted clock skew are left to
// http-signature's defaults (its `headers` and `clockSkew` options). Confirm
// those defaults are strict enough for federation traffic and that request
// body integrity is checked somewhere.
// NOTE(review): presumably throws when the header is missing or malformed;
// callers should treat an exception as "not authenticated".
function parseHTTPSignature (req: Request) {
  const parseOptions = { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME }

  return httpSignature.parse(req, parseOptions)
}
40
41 // JSONLD
42
// Verifies the JSON-LD signature of `signedDocument` against the key of
// `fromActor`.
// The key and key-owner documents given to jsig are built locally from the
// actor's stored url and publicKey; nothing is resolved from the signed
// document. Resolves to `result.verified`. Any rejection is logged and mapped
// to `false`, so a verification error fails closed.
// NOTE(review): whether the document's claimed creator is compared with
// fromActor depends on jsig. Confirm at the call site that fromActor really
// is the actor the document is attributed to.
function isJsonLDSignatureVerified (fromActor: ActorModel, signedDocument: any) {
  const securityContext = jsig.SECURITY_CONTEXT_URL
  const actorUrl = fromActor.url

  // The actor is declared as both the id and the owner of its own key.
  const keyDescription = {
    '@context': securityContext,
    id: actorUrl,
    type: 'CryptographicKey',
    owner: actorUrl,
    publicKeyPem: fromActor.publicKey
  }

  const verifyOptions = {
    publicKey: keyDescription,
    publicKeyOwner: {
      '@context': securityContext,
      id: actorUrl,
      publicKey: [ keyDescription ]
    }
  }

  const onVerified = (result: { verified: boolean }) => result.verified

  return jsig.promises
    .verify(signedDocument, verifyOptions)
    .then(onVerified)
    .catch(err => {
      // Fail closed: an error during verification is never treated as success.
      logger.error('Cannot check signature.', { err })
      return false
    })
}
71
// Signs `data` as a JSON-LD document on behalf of `byActor`.
// Uses the actor's private key PEM, sets the actor url as the signature
// creator and requests the 'RsaSignature2017' algorithm. Returns the promise
// produced by jsig.promises.sign.
// NOTE(review): byActor.privateKey is presumably only populated for local
// actors; confirm callers never pass a remote actor here.
function signJsonLDObject (byActor: ActorModel, data: any) {
  return jsig.promises.sign(data, {
    privateKeyPem: byActor.privateKey,
    creator: byActor.url,
    algorithm: 'RsaSignature2017'
  })
}
81
82 // ---------------------------------------------------------------------------
83
84 export {
85 parseHTTPSignature,
86 isHTTPSignatureVerified,
87 isJsonLDSignatureVerified,
88 comparePassword,
89 createPrivateAndPublicKeys,
90 cryptPassword,
91 signJsonLDObject
92 }