X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=server%2Fhelpers%2Fpeertube-crypto.ts;h=04a8d5681d6be87cc97746a35efff993b5f59413;hb=efc32059d980c51793e8e9ac0fb6a885a8026f94;hp=a4e9672e61927c184a4cf1da07274aca7b1fad09;hpb=65fcc3119c334b75dd13bcfdebf186afdc580a8f;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts index a4e9672e6..04a8d5681 100644 --- a/server/helpers/peertube-crypto.ts +++ b/server/helpers/peertube-crypto.ts 
@@ -1,171 +1,82 @@ -import crypto = require('crypto') -import bcrypt = require('bcrypt') -import fs = require('fs') -import openssl = require('openssl-wrapper') -import { join } from 'path' +import * as jsonld from 'jsonld' +import * as jsig from 'jsonld-signatures' +jsig.use('jsonld', jsonld) import { - SIGNATURE_ALGORITHM, - SIGNATURE_ENCODING, - PRIVATE_CERT_NAME, - CONFIG, - BCRYPT_SALT_SIZE, - PUBLIC_CERT_NAME + PRIVATE_RSA_KEY_SIZE, + BCRYPT_SALT_SIZE } from '../initializers' +import { + bcryptComparePromise, + bcryptGenSaltPromise, + bcryptHashPromise, + createPrivateKey, + getPublicKey +} from './core-utils' import { logger } from './logger' +import { AccountInstance } from '../models/account/account-interface' -function checkSignature (publicKey, data, hexSignature) { - const verify = crypto.createVerify(SIGNATURE_ALGORITHM) - - let dataString - if (typeof data === 'string') { - dataString = data - } else { - try { - dataString = JSON.stringify(data) - } catch (err) { - logger.error('Cannot check signature.', { error: err }) - return false - } - } +async function createPrivateAndPublicKeys () { + logger.info('Generating a RSA key...') - verify.update(dataString, 'utf8') + const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE) + const { publicKey } = await getPublicKey(key) - const isValid = verify.verify(publicKey, hexSignature, SIGNATURE_ENCODING) - return isValid + return { privateKey: key, publicKey } } -function sign (data) { - const sign = crypto.createSign(SIGNATURE_ALGORITHM) - - let dataString - if (typeof data === 'string') { - dataString = data - } else { - try { - dataString = JSON.stringify(data) - } catch (err) { - logger.error('Cannot sign data.', { error: err }) - return '' - } +function isSignatureVerified (fromAccount: AccountInstance, signedDocument: object) { + const publicKeyObject = { + '@context': jsig.SECURITY_CONTEXT_URL, + '@id': fromAccount.url, + '@type': 'CryptographicKey', + owner: fromAccount.url, + publicKeyPem: 
fromAccount.publicKey } - sign.update(dataString, 'utf8') - - // TODO: make async - const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME) - const myKey = fs.readFileSync(certPath) - const signature = sign.sign(myKey.toString(), SIGNATURE_ENCODING) - - return signature -} - -function comparePassword (plainPassword, hashPassword, callback) { - bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) { - if (err) return callback(err) - - return callback(null, isPasswordMatch) - }) -} - -function createCertsIfNotExist (callback) { - certsExist(function (err, exist) { - if (err) return callback(err) + const publicKeyOwnerObject = { + '@context': jsig.SECURITY_CONTEXT_URL, + '@id': fromAccount.url, + publicKey: [ publicKeyObject ] + } - if (exist === true) { - return callback(null) - } + const options = { + publicKey: publicKeyObject, + publicKeyOwner: publicKeyOwnerObject + } - createCerts(function (err) { - return callback(err) + return jsig.promises.verify(signedDocument, options) + .catch(err => { + logger.error('Cannot check signature.', err) + return false }) - }) } -function cryptPassword (password, callback) { - bcrypt.genSalt(BCRYPT_SALT_SIZE, function (err, salt) { - if (err) return callback(err) +function signObject (byAccount: AccountInstance, data: any) { + const options = { + privateKeyPem: byAccount.privateKey, + creator: byAccount.url + } - bcrypt.hash(password, salt, function (err, hash) { - return callback(err, hash) - }) - }) + return jsig.promises.sign(data, options) } -function getMyPrivateCert (callback) { - const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME) - fs.readFile(certPath, 'utf8', callback) +function comparePassword (plainPassword: string, hashPassword: string) { + return bcryptComparePromise(plainPassword, hashPassword) } -function getMyPublicCert (callback) { - const certPath = join(CONFIG.STORAGE.CERT_DIR, PUBLIC_CERT_NAME) - fs.readFile(certPath, 'utf8', callback) +async function 
cryptPassword (password: string) { + const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE) + + return bcryptHashPromise(password, salt) } // --------------------------------------------------------------------------- export { - checkSignature, + isSignatureVerified, comparePassword, - createCertsIfNotExist, + createPrivateAndPublicKeys, cryptPassword, - getMyPrivateCert, - getMyPublicCert, - sign -} - -// --------------------------------------------------------------------------- - -function certsExist (callback) { - const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME) - fs.access(certPath, function (err) { - // If there is an error the certificates do not exist - const exists = !err - return callback(null, exists) - }) -} - -function createCerts (callback) { - certsExist(function (err, exist) { - if (err) return callback(err) - - if (exist === true) { - const string = 'Certs already exist.' - logger.warning(string) - return callback(new Error(string)) - } - - logger.info('Generating a RSA key...') - - const privateCertPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME) - const genRsaOptions = { - 'out': privateCertPath, - '2048': false - } - openssl.exec('genrsa', genRsaOptions, function (err) { - if (err) { - logger.error('Cannot create private key on this pod.') - return callback(err) - } - - logger.info('RSA key generated.') - logger.info('Managing public key...') - - const publicCertPath = join(CONFIG.STORAGE.CERT_DIR, 'peertube.pub') - const rsaOptions = { - 'in': privateCertPath, - 'pubout': true, - 'out': publicCertPath - } - openssl.exec('rsa', rsaOptions, function (err) { - if (err) { - logger.error('Cannot create public key on this pod.') - return callback(err) - } - - logger.info('Public key managed.') - return callback(null) - }) - }) - }) + signObject }
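Review bot: `isSignatureVerified` (the `+function isSignatureVerified` lines near the top of the hunk) returns whatever `jsig.promises.verify` resolves with and carries no return type, so callers can only test its truthiness; if the installed jsonld-signatures version resolves with a result object such as `{ verified, keyResults }` rather than a plain boolean, every document, including one with a bad signature, would pass that test, which makes this the line in the hunk most worth pinning down. Normalising the result and declaring the type closes the gap whichever shape the library returns: `function isSignatureVerified (fromAccount: AccountInstance, signedDocument: object): Promise<boolean> {` and `.then(result => typeof result === 'boolean' ? result : result.verified === true)` inserted before the existing `.catch`, which already maps errors to `false`. The same annotation habit applies to `signObject`, whose `data: any` could be `object` to match `signedDocument`, and to `comparePassword`/`cryptPassword`, which now return promises but say so nowhere in their signatures.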