Diffstat (limited to 'server/helpers/peertube-crypto.js')
-rw-r--r-- | server/helpers/peertube-crypto.js | 60 |
1 files changed, 42 insertions, 18 deletions
diff --git a/server/helpers/peertube-crypto.js b/server/helpers/peertube-crypto.js index 46dff8d03..1ff638b04 100644 --- a/server/helpers/peertube-crypto.js +++ b/server/helpers/peertube-crypto.js | |||
@@ -1,24 +1,24 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const config = require('config') | 3 | const bcrypt = require('bcrypt') |
4 | const crypto = require('crypto') | 4 | const crypto = require('crypto') |
5 | const fs = require('fs') | 5 | const fs = require('fs') |
6 | const openssl = require('openssl-wrapper') | 6 | const openssl = require('openssl-wrapper') |
7 | const path = require('path') | ||
8 | const ursa = require('ursa') | 7 | const ursa = require('ursa') |
9 | 8 | ||
9 | const constants = require('../initializers/constants') | ||
10 | const logger = require('./logger') | 10 | const logger = require('./logger') |
11 | 11 | ||
12 | const certDir = path.join(__dirname, '..', '..', config.get('storage.certs')) | ||
13 | const algorithm = 'aes-256-ctr' | 12 | const algorithm = 'aes-256-ctr' |
14 | 13 | ||
15 | const peertubeCrypto = { | 14 | const peertubeCrypto = { |
16 | checkSignature: checkSignature, | 15 | checkSignature, |
17 | createCertsIfNotExist: createCertsIfNotExist, | 16 | comparePassword, |
18 | decrypt: decrypt, | 17 | createCertsIfNotExist, |
19 | encrypt: encrypt, | 18 | cryptPassword, |
20 | getCertDir: getCertDir, | 19 | decrypt, |
21 | sign: sign | 20 | encrypt, |
21 | sign | ||
22 | } | 22 | } |
23 | 23 | ||
24 | function checkSignature (publicKey, rawData, hexSignature) { | 24 | function checkSignature (publicKey, rawData, hexSignature) { |
@@ -27,6 +27,14 @@ function checkSignature (publicKey, rawData, hexSignature) { | |||
27 | return isValid | 27 | return isValid |
28 | } | 28 | } |
29 | 29 | ||
30 | function comparePassword (plainPassword, hashPassword, callback) { | ||
31 | bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) { | ||
32 | if (err) return callback(err) | ||
33 | |||
34 | return callback(null, isPasswordMatch) | ||
35 | }) | ||
36 | } | ||
37 | |||
30 | function createCertsIfNotExist (callback) { | 38 | function createCertsIfNotExist (callback) { |
31 | certsExist(function (exist) { | 39 | certsExist(function (exist) { |
32 | if (exist === true) { | 40 | if (exist === true) { |
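Review bot: `comparePassword` on new lines 30-36 wraps `bcrypt.compare` in a callback that only forwards `err` and `isPasswordMatch`, which is the contract `bcrypt.compare` already exposes, so the body can be the single line `bcrypt.compare(plainPassword, hashPassword, callback)`. The function also has no header comment; a short JSDoc would help, stating that `hashPassword` is the stored bcrypt hash (presumably the value produced by `cryptPassword`, verify against callers) and that the callback receives `(err, isPasswordMatch)` with a boolean second argument.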
@@ -39,8 +47,18 @@ function createCertsIfNotExist (callback) { | |||
39 | }) | 47 | }) |
40 | } | 48 | } |
41 | 49 | ||
50 | function cryptPassword (password, callback) { | ||
51 | bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) { | ||
52 | if (err) return callback(err) | ||
53 | |||
54 | bcrypt.hash(password, salt, function (err, hash) { | ||
55 | return callback(err, hash) | ||
56 | }) | ||
57 | }) | ||
58 | } | ||
59 | |||
42 | function decrypt (key, data, callback) { | 60 | function decrypt (key, data, callback) { |
43 | fs.readFile(getCertDir() + 'peertube.key.pem', function (err, file) { | 61 | fs.readFile(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (err, file) { |
44 | if (err) return callback(err) | 62 | if (err) return callback(err) |
45 | 63 | ||
46 | const myPrivateKey = ursa.createPrivateKey(file) | 64 | const myPrivateKey = ursa.createPrivateKey(file) |
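Review bot: The first argument to `bcrypt.genSalt` on new line 51 is the cost factor (log2 of the number of key-expansion rounds), not a salt length, so the name `constants.BCRYPT_SALT_SIZE` misdescribes what is being tuned and invites someone to treat it as a size rather than a work factor. A comment at the call site would make that explicit, e.g. `// bcrypt cost factor (2^n rounds), not a salt length; lowering it weakens every hash stored afterwards`. The inner callback on new lines 54-56 only forwards its two arguments, so `bcrypt.hash(password, salt, callback)` is equivalent; `bcrypt.hash(password, constants.BCRYPT_SALT_SIZE, callback)` would additionally let bcrypt generate the salt itself and drop the `genSalt` step. The constant is defined outside this file, so the rename itself cannot be made in this hunk.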
@@ -67,12 +85,8 @@ function encrypt (publicKey, data, callback) { | |||
67 | }) | 85 | }) |
68 | } | 86 | } |
69 | 87 | ||
70 | function getCertDir () { | ||
71 | return certDir | ||
72 | } | ||
73 | |||
74 | function sign (data) { | 88 | function sign (data) { |
75 | const myKey = ursa.createPrivateKey(fs.readFileSync(certDir + 'peertube.key.pem')) | 89 | const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem')) |
76 | const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex') | 90 | const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex') |
77 | 91 | ||
78 | return signature | 92 | return signature |
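Review bot: The key path on new line 89, `constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'`, relies on CERT_DIR ending with a path separator, and this commit removes the `path` require, so that trailing-slash convention now has to be guaranteed by the config loader alone (the same concatenation appears on new lines 61, 102, 118, 129 and 131). I cannot see how CERT_DIR is built; if it is ever a plain directory path, every key read and the `openssl genrsa` output land in the parent directory under a mangled name. Restoring `const path = require('path')` and using `path.join(constants.CONFIG.STORAGE.CERT_DIR, 'peertube.key.pem')` removes that dependency. Separately, `sign` re-reads and re-parses the private key from disk on every call via `readFileSync`; that predates this commit but is worth a follow-up.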
@@ -85,7 +99,7 @@ module.exports = peertubeCrypto | |||
85 | // --------------------------------------------------------------------------- | 99 | // --------------------------------------------------------------------------- |
86 | 100 | ||
87 | function certsExist (callback) { | 101 | function certsExist (callback) { |
88 | fs.exists(certDir + 'peertube.key.pem', function (exists) { | 102 | fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) { |
89 | return callback(exists) | 103 | return callback(exists) |
90 | }) | 104 | }) |
91 | } | 105 | } |
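Review bot: `fs.exists` on new line 102 is deprecated in Node and its callback carries no error argument, so a permission failure on the private key file is indistinguishable from the file being absent, and `createCertsIfNotExist` would presumably then go on to generate a fresh key over an existing one. `fs.access(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', fs.constants.F_OK, function (err) { return callback(!err) })` keeps the boolean contract of `certsExist` while using the supported API; if distinguishing "absent" from "unreadable" matters to the caller, pass `err` through instead of collapsing it to a boolean.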
@@ -99,15 +113,25 @@ function createCerts (callback) { | |||
99 | } | 113 | } |
100 | 114 | ||
101 | logger.info('Generating a RSA key...') | 115 | logger.info('Generating a RSA key...') |
102 | openssl.exec('genrsa', { 'out': certDir + 'peertube.key.pem', '2048': false }, function (err) { | 116 | |
117 | let options = { | ||
118 | 'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', | ||
119 | '2048': false | ||
120 | } | ||
121 | openssl.exec('genrsa', options, function (err) { | ||
103 | if (err) { | 122 | if (err) { |
104 | logger.error('Cannot create private key on this pod.') | 123 | logger.error('Cannot create private key on this pod.') |
105 | return callback(err) | 124 | return callback(err) |
106 | } | 125 | } |
107 | logger.info('RSA key generated.') | 126 | logger.info('RSA key generated.') |
108 | 127 | ||
128 | options = { | ||
129 | 'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', | ||
130 | 'pubout': true, | ||
131 | 'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub' | ||
132 | } | ||
109 | logger.info('Manage public key...') | 133 | logger.info('Manage public key...') |
110 | openssl.exec('rsa', { 'in': certDir + 'peertube.key.pem', 'pubout': true, 'out': certDir + 'peertube.pub' }, function (err) { | 134 | openssl.exec('rsa', options, function (err) { |
111 | if (err) { | 135 | if (err) { |
112 | logger.error('Cannot create public key on this pod.') | 136 | logger.error('Cannot create public key on this pod.') |
113 | return callback(err) | 137 | return callback(err) |