X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fhelpers%2Fpeertube-crypto.ts;h=6d50e446f59a124488f2eb392e3212142d426e69;hb=e4f97babf701481b55cc10fb3448feab5f97c867;hp=10a226af47b2357d2ec8e133d88fe151389a5b9c;hpb=53abc4c272be9ecc951274458d054dbaf86e594d;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts index 10a226af4..6d50e446f 100644 --- a/server/helpers/peertube-crypto.ts +++ b/server/helpers/peertube-crypto.ts @@ -1,77 +1,68 @@ -import * as crypto from 'crypto' -import { join } from 'path' +import * as jsig from 'jsonld-signatures' import { - SIGNATURE_ALGORITHM, - SIGNATURE_ENCODING, - PRIVATE_CERT_NAME, - CONFIG, - BCRYPT_SALT_SIZE, - PUBLIC_CERT_NAME + PRIVATE_RSA_KEY_SIZE, + BCRYPT_SALT_SIZE } from '../initializers' import { - readFilePromise, bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, - accessPromise, - opensslExecPromise + createPrivateKey, + getPublicKey, + jsonldSignPromise, + jsonldVerifyPromise } from './core-utils' import { logger } from './logger' +import { AccountInstance } from '../models/account/account-interface' -function checkSignature (publicKey: string, data: string, hexSignature: string) { - const verify = crypto.createVerify(SIGNATURE_ALGORITHM) - - let dataString - if (typeof data === 'string') { - dataString = data - } else { - try { - dataString = JSON.stringify(data) - } catch (err) { - logger.error('Cannot check signature.', err) - return false - } - } +async function createPrivateAndPublicKeys () { + logger.info('Generating a RSA key...') - verify.update(dataString, 'utf8') + const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE) + const { publicKey } = await getPublicKey(key) - const isValid = verify.verify(publicKey, hexSignature, SIGNATURE_ENCODING) - return isValid + return { privateKey: key, publicKey } } -async function sign (data: string | Object) { - const sign = crypto.createSign(SIGNATURE_ALGORITHM) - - let dataString: string - if (typeof data === 'string') { - dataString = data - } else { - try { - dataString = JSON.stringify(data) - } catch (err) { - logger.error('Cannot sign data.', err) - return '' - } +function isSignatureVerified (fromAccount: AccountInstance, signedDocument: object) { + const publicKeyObject = { + '@context': jsig.SECURITY_CONTEXT_URL, + '@id': fromAccount.url, + '@type': 'CryptographicKey', + owner: fromAccount.url, + publicKeyPem: fromAccount.publicKey } - sign.update(dataString, 'utf8') + const publicKeyOwnerObject = { + '@context': jsig.SECURITY_CONTEXT_URL, + '@id': fromAccount.url, + publicKey: [ publicKeyObject ] + } - const myKey = await getMyPrivateCert() - return sign.sign(myKey, SIGNATURE_ENCODING) -} + const options = { + publicKey: publicKeyObject, + publicKeyOwner: publicKeyOwnerObject + } -function comparePassword (plainPassword: string, hashPassword: string) { - return bcryptComparePromise(plainPassword, hashPassword) + return jsonldVerifyPromise(signedDocument, options) + .catch(err => { + logger.error('Cannot check signature.', err) + return false + }) } -async function createCertsIfNotExist () { - const exist = await certsExist() - if (exist === true) { - return +function signObject (byAccount: AccountInstance, data: any) { + const options = { + privateKeyPem: byAccount.privateKey, + creator: byAccount.url } - return createCerts() + return jsonldSignPromise(data, options) +} + +function comparePassword (plainPassword: string, hashPassword: string) { + return bcryptComparePromise(plainPassword, hashPassword) } async function cryptPassword (password: string) { @@ -80,69 +71,12 @@ async function cryptPassword (password: string) { return bcryptHashPromise(password, salt) } -function getMyPrivateCert () { - const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME) - return readFilePromise(certPath, 'utf8') -} - -function getMyPublicCert () { - const certPath = join(CONFIG.STORAGE.CERT_DIR, PUBLIC_CERT_NAME) - return readFilePromise(certPath, 'utf8') -} - // --------------------------------------------------------------------------- export { - checkSignature, + isSignatureVerified, comparePassword, - createCertsIfNotExist, + createPrivateAndPublicKeys, cryptPassword, - getMyPrivateCert, - getMyPublicCert, - sign -} - -// --------------------------------------------------------------------------- - -async function certsExist () { - const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME) - - // If there is an error the certificates do not exist - try { - await accessPromise(certPath) - - return true - } catch { - return false - } -} - -async function createCerts () { - const exist = await certsExist() - if (exist === true) { - const errorMessage = 'Certs already exist.' - logger.warning(errorMessage) - throw new Error(errorMessage) - } - - logger.info('Generating a RSA key...') - - const privateCertPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME) - const genRsaOptions = { - 'out': privateCertPath, - '2048': false - } - - await opensslExecPromise('genrsa', genRsaOptions) - logger.info('RSA key generated.') - logger.info('Managing public key...') - - const publicCertPath = join(CONFIG.STORAGE.CERT_DIR, 'peertube.pub') - const rsaOptions = { - 'in': privateCertPath, - 'pubout': true, - 'out': publicCertPath - } - - await opensslExecPromise('rsa', rsaOptions) + signObject }