PeerTube/server/helpers/peertube-crypto.ts

import * as crypto from 'crypto'
import { join } from 'path'

import {
  SIGNATURE_ALGORITHM,
  SIGNATURE_ENCODING,
  PRIVATE_CERT_NAME,
  CONFIG,
  BCRYPT_SALT_SIZE,
  PUBLIC_CERT_NAME
} from '../initializers'
import {
  readFilePromise,
  bcryptComparePromise,
  bcryptGenSaltPromise,
  bcryptHashPromise,
  accessPromise,
  opensslExecPromise
} from './core-utils'
import { logger } from './logger'

function checkSignature (publicKey: string, data: string, hexSignature: string) {
  const verify = crypto.createVerify(SIGNATURE_ALGORITHM)

  let dataString
  if (typeof data === 'string') {
    dataString = data
  } else {
    try {
      dataString = JSON.stringify(data)
    } catch (err) {
      logger.error('Cannot check signature.', err)
      return false
    }
  }

  verify.update(dataString, 'utf8')

  const isValid = verify.verify(publicKey, hexSignature, SIGNATURE_ENCODING)
  return isValid
}

async function sign (data: string | Object) {
  const sign = crypto.createSign(SIGNATURE_ALGORITHM)

  let dataString: string
  if (typeof data === 'string') {
    dataString = data
  } else {
    try {
      dataString = JSON.stringify(data)
    } catch (err) {
      logger.error('Cannot sign data.', err)
      return ''
    }
  }

  sign.update(dataString, 'utf8')

  const myKey = await getMyPrivateCert()
  return sign.sign(myKey, SIGNATURE_ENCODING)
}

function comparePassword (plainPassword: string, hashPassword: string) {
  return bcryptComparePromise(plainPassword, hashPassword)
}

async function createCertsIfNotExist () {
  const exist = await certsExist()
  if (exist === true) {
    return
  }

  return createCerts()
}

async function cryptPassword (password: string) {
  const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)

  return bcryptHashPromise(password, salt)
}

function getMyPrivateCert () {
  const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
  return readFilePromise(certPath, 'utf8')
}

function getMyPublicCert () {
  const certPath = join(CONFIG.STORAGE.CERT_DIR, PUBLIC_CERT_NAME)
  return readFilePromise(certPath, 'utf8')
}

// ---------------------------------------------------------------------------

export {
  checkSignature,
  comparePassword,
  createCertsIfNotExist,
  cryptPassword,
  getMyPrivateCert,
  getMyPublicCert,
  sign
}

// ---------------------------------------------------------------------------

async function certsExist () {
  const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)

  // If there is an error the certificates do not exist
  try {
    await accessPromise(certPath)

    return true
  } catch {
    return false
  }
}

async function createCerts () {
  const exist = await certsExist()
  if (exist === true) {
    const errorMessage = 'Certs already exist.'
    logger.warning(errorMessage)
    throw new Error(errorMessage)
  }

  logger.info('Generating a RSA key...')

  const privateCertPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
  const genRsaOptions = {
    'out': privateCertPath,
    '2048': false
  }

  await opensslExecPromise('genrsa', genRsaOptions)
  logger.info('RSA key generated.')
  logger.info('Managing public key...')

  const publicCertPath = join(CONFIG.STORAGE.CERT_DIR, 'peertube.pub')
  const rsaOptions = {
    'in': privateCertPath,
    'pubout': true,
    'out': publicCertPath
  }

  await opensslExecPromise('rsa', rsaOptions)
}
require -> import 2017-06-05 21:53:49 +02:00			`import * as crypto from 'crypto'`
First typescript iteration 2017-05-15 22:22:03 +02:00			`import { join } from 'path'`

			`import {`
			`SIGNATURE_ALGORITHM,`
			`SIGNATURE_ENCODING,`
			`PRIVATE_CERT_NAME,`
			`CONFIG,`
			`BCRYPT_SALT_SIZE,`
			`PUBLIC_CERT_NAME`
			`} from '../initializers'`
Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74 2017-07-05 13:26:25 +02:00			`import {`
			`readFilePromise,`
			`bcryptComparePromise,`
			`bcryptGenSaltPromise,`
			`bcryptHashPromise,`
			`accessPromise,`
			`opensslExecPromise`
			`} from './core-utils'`
First typescript iteration 2017-05-15 22:22:03 +02:00			`import { logger } from './logger'`
Remove useless anonymous functions of files 2016-02-07 11:23:23 +01:00
Type functions 2017-06-10 22:15:25 +02:00			`function checkSignature (publicKey: string, data: string, hexSignature: string) {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`const verify = crypto.createVerify(SIGNATURE_ALGORITHM)`
Server: use crypto instead of ursa for pod signature 2017-01-04 22:23:07 +01:00
			`let dataString`
			`if (typeof data === 'string') {`
			`dataString = data`
			`} else {`
			`try {`
			`dataString = JSON.stringify(data)`
			`} catch (err) {`
Fix error logging 2017-07-07 18:26:12 +02:00			`logger.error('Cannot check signature.', err)`
Server: use crypto instead of ursa for pod signature 2017-01-04 22:23:07 +01:00			`return false`
			`}`
			`}`

			`verify.update(dataString, 'utf8')`

First typescript iteration 2017-05-15 22:22:03 +02:00			`const isValid = verify.verify(publicKey, hexSignature, SIGNATURE_ENCODING)`
Update to standard 7. Goodbye snake_case, I used to love you 2016-05-11 21:19:34 +02:00			`return isValid`
Remove useless anonymous functions of files 2016-02-07 11:23:23 +01:00			`}`

Upgrade server packages 2017-10-31 16:31:24 +01:00			`async function sign (data: string \| Object) {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`const sign = crypto.createSign(SIGNATURE_ALGORITHM)`
Server: use crypto instead of ursa for pod signature 2017-01-04 22:23:07 +01:00
Type functions 2017-06-10 22:15:25 +02:00			`let dataString: string`
Server: use crypto instead of ursa for pod signature 2017-01-04 22:23:07 +01:00			`if (typeof data === 'string') {`
			`dataString = data`
			`} else {`
			`try {`
			`dataString = JSON.stringify(data)`
			`} catch (err) {`
Fix error logging 2017-07-07 18:26:12 +02:00			`logger.error('Cannot sign data.', err)`
Use async/await in lib and initializers 2017-10-25 16:03:33 +02:00			`return ''`
Server: use crypto instead of ursa for pod signature 2017-01-04 22:23:07 +01:00			`}`
			`}`

			`sign.update(dataString, 'utf8')`

Use async/await in lib and initializers 2017-10-25 16:03:33 +02:00			`const myKey = await getMyPrivateCert()`
Fix lint 2017-10-25 16:52:01 +02:00			`return sign.sign(myKey, SIGNATURE_ENCODING)`
Server: use crypto instead of ursa for pod signature 2017-01-04 22:23:07 +01:00			`}`

Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74 2017-07-05 13:26:25 +02:00			`function comparePassword (plainPassword: string, hashPassword: string) {`
			`return bcryptComparePromise(plainPassword, hashPassword)`
Server: encrypt password in database 2016-08-25 17:57:37 +02:00			`}`

Use async/await in lib and initializers 2017-10-25 16:03:33 +02:00			`async function createCertsIfNotExist () {`
			`const exist = await certsExist()`
			`if (exist === true) {`
Fix lint 2017-10-25 16:52:01 +02:00			`return`
Use async/await in lib and initializers 2017-10-25 16:03:33 +02:00			`}`
Remove useless anonymous functions of files 2016-02-07 11:23:23 +01:00
Upgrade server packages 2017-10-31 16:31:24 +01:00			`return createCerts()`
Remove useless anonymous functions of files 2016-02-07 11:23:23 +01:00			`}`
Split utils file 2016-02-05 18:03:20 +01:00
Use async/await in lib and initializers 2017-10-25 16:03:33 +02:00			`async function cryptPassword (password: string) {`
			`const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)`

Upgrade server packages 2017-10-31 16:31:24 +01:00			`return bcryptHashPromise(password, salt)`
Server: encrypt password in database 2016-08-25 17:57:37 +02:00			`}`

Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74 2017-07-05 13:26:25 +02:00			`function getMyPrivateCert () {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)`
Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74 2017-07-05 13:26:25 +02:00			`return readFilePromise(certPath, 'utf8')`
Server: paths refractoring 2017-01-17 21:42:47 +01:00			`}`

Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74 2017-07-05 13:26:25 +02:00			`function getMyPublicCert () {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`const certPath = join(CONFIG.STORAGE.CERT_DIR, PUBLIC_CERT_NAME)`
Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74 2017-07-05 13:26:25 +02:00			`return readFilePromise(certPath, 'utf8')`
Server: paths refractoring 2017-01-17 21:42:47 +01:00			`}`

Remove useless anonymous functions of files 2016-02-07 11:23:23 +01:00			`// ---------------------------------------------------------------------------`
Split utils file 2016-02-05 18:03:20 +01:00
First typescript iteration 2017-05-15 22:22:03 +02:00			`export {`
			`checkSignature,`
			`comparePassword,`
			`createCertsIfNotExist,`
			`cryptPassword,`
			`getMyPrivateCert,`
			`getMyPublicCert,`
			`sign`
			`}`
Split utils file 2016-02-05 18:03:20 +01:00
Remove useless anonymous functions of files 2016-02-07 11:23:23 +01:00			`// ---------------------------------------------------------------------------`
Split utils file 2016-02-05 18:03:20 +01:00
Use async/await in lib and initializers 2017-10-25 16:03:33 +02:00			`async function certsExist () {`
First typescript iteration 2017-05-15 22:22:03 +02:00			`const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)`
Remove useless anonymous functions of files 2016-02-07 11:23:23 +01:00
Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74 2017-07-05 13:26:25 +02:00			`// If there is an error the certificates do not exist`
Use async/await in lib and initializers 2017-10-25 16:03:33 +02:00			`try {`
			`await accessPromise(certPath)`

			`return true`
			`} catch {`
			`return false`
			`}`
Move to promises Closes https://github.com/Chocobozzz/PeerTube/issues/74 2017-07-05 13:26:25 +02:00			`}`
Update standard -> 10 2017-04-16 14:25:37 +02:00
Use async/await in lib and initializers 2017-10-25 16:03:33 +02:00			`async function createCerts () {`
			`const exist = await certsExist()`
			`if (exist === true) {`
			`const errorMessage = 'Certs already exist.'`
			`logger.warning(errorMessage)`
			`throw new Error(errorMessage)`
			`}`
Remove useless anonymous functions of files 2016-02-07 11:23:23 +01:00
Use async/await in lib and initializers 2017-10-25 16:03:33 +02:00			`logger.info('Generating a RSA key...')`
Server: put config in constants 2016-08-19 21:34:51 +02:00
Use async/await in lib and initializers 2017-10-25 16:03:33 +02:00			`const privateCertPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)`
			`const genRsaOptions = {`
			`'out': privateCertPath,`
			`'2048': false`
			`}`

			`await opensslExecPromise('genrsa', genRsaOptions)`
			`logger.info('RSA key generated.')`
			`logger.info('Managing public key...')`

			`const publicCertPath = join(CONFIG.STORAGE.CERT_DIR, 'peertube.pub')`
			`const rsaOptions = {`
			`'in': privateCertPath,`
			`'pubout': true,`
			`'out': publicCertPath`
			`}`

			`await opensslExecPromise('rsa', rsaOptions)`
Remove useless anonymous functions of files 2016-02-07 11:23:23 +01:00			`}`