peertube/server/helpers/peertube-crypto.ts

import { BCRYPT_SALT_SIZE, PRIVATE_RSA_KEY_SIZE } from '../initializers'
import { ActorModel } from '../models/activitypub/actor'
import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils'
import { jsig } from './custom-jsonld-signature'
import { logger } from './logger'

async function createPrivateAndPublicKeys () {
  logger.info('Generating a RSA key...')

  const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
  const { publicKey } = await getPublicKey(key)

  return { privateKey: key, publicKey }
}

function isSignatureVerified (fromActor: ActorModel, signedDocument: object) {
  const publicKeyObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    '@id': fromActor.url,
    '@type':  'CryptographicKey',
    owner: fromActor.url,
    publicKeyPem: fromActor.publicKey
  }

  const publicKeyOwnerObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
    '@id': fromActor.url,
    publicKey: [ publicKeyObject ]
  }

  const options = {
    publicKey: publicKeyObject,
    publicKeyOwner: publicKeyOwnerObject
  }

  return jsig.promises.verify(signedDocument, options)
    .catch(err => {
      logger.error('Cannot check signature.', { err })
      return false
    })
}

function signObject (byActor: ActorModel, data: any) {
  const options = {
    privateKeyPem: byActor.privateKey,
    creator: byActor.url,
    algorithm: 'RsaSignature2017'
  }

  return jsig.promises.sign(data, options)
}

function comparePassword (plainPassword: string, hashPassword: string) {
  return bcryptComparePromise(plainPassword, hashPassword)
}

async function cryptPassword (password: string) {
  const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)

  return bcryptHashPromise(password, salt)
}

// ---------------------------------------------------------------------------

export {
  isSignatureVerified,
  comparePassword,
  createPrivateAndPublicKeys,
  cryptPassword,
  signObject
}
Cleanup helpers 2017-11-23 11:53:38 -05:00			`import { BCRYPT_SALT_SIZE, PRIVATE_RSA_KEY_SIZE } from '../initializers'`
Begin moving video channel to actor 2017-12-14 11:38:41 -05:00			`import { ActorModel } from '../models/activitypub/actor'`
Cleanup helpers 2017-11-23 11:53:38 -05:00			`import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils'`
Optimize signature verification 2017-11-17 09:20:42 -05:00			`import { jsig } from './custom-jsonld-signature'`
Cleanup helpers 2017-11-23 11:53:38 -05:00			`import { logger } from './logger'`
Remove useless anonymous functions of files 2016-02-07 05:23:23 -05:00
Begin activitypub 2017-11-09 11:51:58 -05:00			`async function createPrivateAndPublicKeys () {`
			`logger.info('Generating a RSA key...')`
Server: use crypto instead of ursa for pod signature 2017-01-04 16:23:07 -05:00
Begin activitypub 2017-11-09 11:51:58 -05:00			`const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)`
			`const { publicKey } = await getPublicKey(key)`
Server: use crypto instead of ursa for pod signature 2017-01-04 16:23:07 -05:00
Begin activitypub 2017-11-09 11:51:58 -05:00			`return { privateKey: key, publicKey }`
Remove useless anonymous functions of files 2016-02-07 05:23:23 -05:00			`}`

Begin moving video channel to actor 2017-12-14 11:38:41 -05:00			`function isSignatureVerified (fromActor: ActorModel, signedDocument: object) {`
Begin activitypub 2017-11-09 11:51:58 -05:00			`const publicKeyObject = {`
			`'@context': jsig.SECURITY_CONTEXT_URL,`
Begin moving video channel to actor 2017-12-14 11:38:41 -05:00			`'@id': fromActor.url,`
Begin activitypub 2017-11-09 11:51:58 -05:00			`'@type': 'CryptographicKey',`
Begin moving video channel to actor 2017-12-14 11:38:41 -05:00			`owner: fromActor.url,`
			`publicKeyPem: fromActor.publicKey`
Server: use crypto instead of ursa for pod signature 2017-01-04 16:23:07 -05:00			`}`

Begin activitypub 2017-11-09 11:51:58 -05:00			`const publicKeyOwnerObject = {`
			`'@context': jsig.SECURITY_CONTEXT_URL,`
Begin moving video channel to actor 2017-12-14 11:38:41 -05:00			`'@id': fromActor.url,`
Begin activitypub 2017-11-09 11:51:58 -05:00			`publicKey: [ publicKeyObject ]`
			`}`
Server: use crypto instead of ursa for pod signature 2017-01-04 16:23:07 -05:00
Begin activitypub 2017-11-09 11:51:58 -05:00			`const options = {`
			`publicKey: publicKeyObject,`
			`publicKeyOwner: publicKeyOwnerObject`
			`}`
Server: use crypto instead of ursa for pod signature 2017-01-04 16:23:07 -05:00
Send server announce when users upload a video 2017-11-16 05:08:25 -05:00			`return jsig.promises.verify(signedDocument, options)`
Begin activitypub 2017-11-09 11:51:58 -05:00			`.catch(err => {`
Fix error logging 2018-03-26 09:54:13 -04:00			`logger.error('Cannot check signature.', { err })`
Begin activitypub 2017-11-09 11:51:58 -05:00			`return false`
			`})`
Server: encrypt password in database 2016-08-25 11:57:37 -04:00			`}`

Begin moving video channel to actor 2017-12-14 11:38:41 -05:00			`function signObject (byActor: ActorModel, data: any) {`
Begin activitypub 2017-11-09 11:51:58 -05:00			`const options = {`
Begin moving video channel to actor 2017-12-14 11:38:41 -05:00			`privateKeyPem: byActor.privateKey,`
Use RsaSignature2017 2017-12-18 05:53:04 -05:00			`creator: byActor.url,`
			`algorithm: 'RsaSignature2017'`
Use async/await in lib and initializers 2017-10-25 10:03:33 -04:00			`}`
Remove useless anonymous functions of files 2016-02-07 05:23:23 -05:00
Send server announce when users upload a video 2017-11-16 05:08:25 -05:00			`return jsig.promises.sign(data, options)`
Begin activitypub 2017-11-09 11:51:58 -05:00			`}`

			`function comparePassword (plainPassword: string, hashPassword: string) {`
			`return bcryptComparePromise(plainPassword, hashPassword)`
Remove useless anonymous functions of files 2016-02-07 05:23:23 -05:00			`}`
Split utils file 2016-02-05 12:03:20 -05:00
Use async/await in lib and initializers 2017-10-25 10:03:33 -04:00			`async function cryptPassword (password: string) {`
			`const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)`

Upgrade server packages 2017-10-31 11:31:24 -04:00			`return bcryptHashPromise(password, salt)`
Server: encrypt password in database 2016-08-25 11:57:37 -04:00			`}`

Remove useless anonymous functions of files 2016-02-07 05:23:23 -05:00			`// ---------------------------------------------------------------------------`
Split utils file 2016-02-05 12:03:20 -05:00
First typescript iteration 2017-05-15 16:22:03 -04:00			`export {`
Begin activitypub 2017-11-09 11:51:58 -05:00			`isSignatureVerified,`
First typescript iteration 2017-05-15 16:22:03 -04:00			`comparePassword,`
Begin activitypub 2017-11-09 11:51:58 -05:00			`createPrivateAndPublicKeys,`
First typescript iteration 2017-05-15 16:22:03 -04:00			`cryptPassword,`
Begin activitypub 2017-11-09 11:51:58 -05:00			`signObject`
Remove useless anonymous functions of files 2016-02-07 05:23:23 -05:00			`}`