Diffstat (limited to 'server/helpers/peertube-crypto.js')
-rw-r--r-- | server/helpers/peertube-crypto.js | 168 |
1 files changed, 0 insertions, 168 deletions
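--- a/server/helpers/peertube-crypto.js
+++ /dev/null
@@ -1,168 +0,0 @@
-'use strict'
-
-const crypto = require('crypto')
-const bcrypt = require('bcrypt')
-const fs = require('fs')
-const openssl = require('openssl-wrapper')
-const pathUtils = require('path')
-
-const constants = require('../initializers/constants')
-const logger = require('./logger')
-
-const peertubeCrypto = {
-checkSignature,
-comparePassword,
-createCertsIfNotExist,
-cryptPassword,
-getMyPrivateCert,
-getMyPublicCert,
-sign
-}
-
-function checkSignature (publicKey, data, hexSignature) {
-const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM)
-
-let dataString
-if (typeof data === 'string') {
-dataString = data
-} else {
-try {
-dataString = JSON.stringify(data)
-} catch (err) {
-logger.error('Cannot check signature.', { error: err })
-return false
-}
-}
-
-verify.update(dataString, 'utf8')
-
-const isValid = verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING)
-return isValid
-}
-
-function sign (data) {
-const sign = crypto.createSign(constants.SIGNATURE_ALGORITHM)
-
-let dataString
-if (typeof data === 'string') {
-dataString = data
-} else {
-try {
-dataString = JSON.stringify(data)
-} catch (err) {
-logger.error('Cannot sign data.', { error: err })
-return ''
-}
-}
-
-sign.update(dataString, 'utf8')
-
-// TODO: make async
-const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)
-const myKey = fs.readFileSync(certPath)
-const signature = sign.sign(myKey, constants.SIGNATURE_ENCODING)
-
-return signature
-}
-
-function comparePassword (plainPassword, hashPassword, callback) {
-bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
-if (err) return callback(err)
-
-return callback(null, isPasswordMatch)
-})
-}
-
-function createCertsIfNotExist (callback) {
-certsExist(function (err, exist) {
-if (err) return callback(err)
-
-if (exist === true) {
-return callback(null)
-}
-
-createCerts(function (err) {
-return callback(err)
-})
-})
-}
-
-function cryptPassword (password, callback) {
-bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
-if (err) return callback(err)
-
-bcrypt.hash(password, salt, function (err, hash) {
-return callback(err, hash)
-})
-})
-}
-
-function getMyPrivateCert (callback) {
-const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)
-fs.readFile(certPath, 'utf8', callback)
-}
-
-function getMyPublicCert (callback) {
-const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PUBLIC_CERT_NAME)
-fs.readFile(certPath, 'utf8', callback)
-}
-
-// ---------------------------------------------------------------------------
-
-module.exports = peertubeCrypto
-
-// ---------------------------------------------------------------------------
-
-function certsExist (callback) {
-const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)
-fs.access(certPath, function (err) {
-// If there is an error the certificates do not exist
-const exists = !err
-return callback(null, exists)
-})
-}
-
-function createCerts (callback) {
-certsExist(function (err, exist) {
-if (err) return callback(err)
-
-if (exist === true) {
-const string = 'Certs already exist.'
-logger.warning(string)
-return callback(new Error(string))
-}
-
-logger.info('Generating a RSA key...')
-
-const privateCertPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)
-const genRsaOptions = {
-'out': privateCertPath,
-'2048': false
-}
-openssl.exec('genrsa', genRsaOptions, function (err) {
-if (err) {
-logger.error('Cannot create private key on this pod.')
-return callback(err)
-}
-
-logger.info('RSA key generated.')
-logger.info('Managing public key...')
-
-const publicCertPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, 'peertube.pub')
-const rsaOptions = {
-'in': privateCertPath,
-'pubout': true,
-'out': publicCertPath
-}
-openssl.exec('rsa', rsaOptions, function (err) {
-if (err) {
-logger.error('Cannot create public key on this pod.')
-return callback(err)
-}
-
-logger.info('Public key managed.')
-return callback(null)
-})
-})
-})
-}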