peertube/server/helpers/peertube-crypto.js

'use strict'

const crypto = require('crypto')
const bcrypt = require('bcrypt')
const fs = require('fs')
const openssl = require('openssl-wrapper')
const pathUtils = require('path')

const constants = require('../initializers/constants')
const logger = require('./logger')

const peertubeCrypto = {
  checkSignature,
  comparePassword,
  createCertsIfNotExist,
  cryptPassword,
  getMyPrivateCert,
  getMyPublicCert,
  sign
}

function checkSignature (publicKey, data, hexSignature) {
  const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM)

  let dataString
  if (typeof data === 'string') {
    dataString = data
  } else {
    try {
      dataString = JSON.stringify(data)
    } catch (err) {
      logger.error('Cannot check signature.', { error: err })
      return false
    }
  }

  verify.update(dataString, 'utf8')

  const isValid = verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING)
  return isValid
}

function sign (data) {
  const sign = crypto.createSign(constants.SIGNATURE_ALGORITHM)

  let dataString
  if (typeof data === 'string') {
    dataString = data
  } else {
    try {
      dataString = JSON.stringify(data)
    } catch (err) {
      logger.error('Cannot sign data.', { error: err })
      return ''
    }
  }

  sign.update(dataString, 'utf8')

  // TODO: make async
  const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)
  const myKey = fs.readFileSync(certPath)
  const signature = sign.sign(myKey, constants.SIGNATURE_ENCODING)

  return signature
}

function comparePassword (plainPassword, hashPassword, callback) {
  bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
    if (err) return callback(err)

    return callback(null, isPasswordMatch)
  })
}

function createCertsIfNotExist (callback) {
  certsExist(function (err, exist) {
    if (err) return callback(err)

    if (exist === true) {
      return callback(null)
    }

    createCerts(function (err) {
      return callback(err)
    })
  })
}

function cryptPassword (password, callback) {
  bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
    if (err) return callback(err)

    bcrypt.hash(password, salt, function (err, hash) {
      return callback(err, hash)
    })
  })
}

function getMyPrivateCert (callback) {
  const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)
  fs.readFile(certPath, 'utf8', callback)
}

function getMyPublicCert (callback) {
  const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PUBLIC_CERT_NAME)
  fs.readFile(certPath, 'utf8', callback)
}

// ---------------------------------------------------------------------------

module.exports = peertubeCrypto

// ---------------------------------------------------------------------------

function certsExist (callback) {
  const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)
  fs.access(certPath, function (err) {
    // If there is an error the certificates do not exist
    const exists = !err
    return callback(null, exists)
  })
}

function createCerts (callback) {
  certsExist(function (err, exist) {
    if (err) return callback(err)

    if (exist === true) {
      const string = 'Certs already exist.'
      logger.warning(string)
      return callback(new Error(string))
    }

    logger.info('Generating a RSA key...')

    const privateCertPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)
    const genRsaOptions = {
      'out': privateCertPath,
      '2048': false
    }
    openssl.exec('genrsa', genRsaOptions, function (err) {
      if (err) {
        logger.error('Cannot create private key on this pod.')
        return callback(err)
      }

      logger.info('RSA key generated.')
      logger.info('Managing public key...')

      const publicCertPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, 'peertube.pub')
      const rsaOptions = {
        'in': privateCertPath,
        'pubout': true,
        'out': publicCertPath
      }
      openssl.exec('rsa', rsaOptions, function (err) {
        if (err) {
          logger.error('Cannot create public key on this pod.')
          return callback(err)
        }

        logger.info('Public key managed.')
        return callback(null)
      })
    })
  })
}
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`'use strict'`

Server: use crypto instead of ursa for pod signature 2017-01-04 21:23:07 +00:00			`const crypto = require('crypto')`
Server: encrypt password in database 2016-08-25 15:57:37 +00:00			`const bcrypt = require('bcrypt')`
Use const/let now we use node 4.2 2016-03-16 21:29:27 +00:00			`const fs = require('fs')`
			`const openssl = require('openssl-wrapper')`
Server: paths refractoring 2017-01-17 20:42:47 +00:00			`const pathUtils = require('path')`
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00
Server: put config in constants 2016-08-19 19:34:51 +00:00			`const constants = require('../initializers/constants')`
Use const/let now we use node 4.2 2016-03-16 21:29:27 +00:00			`const logger = require('./logger')`
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00
Use const/let now we use node 4.2 2016-03-16 21:29:27 +00:00			`const peertubeCrypto = {`
Server: remove useless hash affectations 2016-10-02 10:19:02 +00:00			`checkSignature,`
			`comparePassword,`
			`createCertsIfNotExist,`
			`cryptPassword,`
Server: paths refractoring 2017-01-17 20:42:47 +00:00			`getMyPrivateCert,`
			`getMyPublicCert,`
Server: remove useless hash affectations 2016-10-02 10:19:02 +00:00			`sign`
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`}`

Server: use crypto instead of ursa for pod signature 2017-01-04 21:23:07 +00:00			`function checkSignature (publicKey, data, hexSignature) {`
			`const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM)`

			`let dataString`
			`if (typeof data === 'string') {`
			`dataString = data`
			`} else {`
			`try {`
			`dataString = JSON.stringify(data)`
			`} catch (err) {`
			`logger.error('Cannot check signature.', { error: err })`
			`return false`
			`}`
			`}`

			`verify.update(dataString, 'utf8')`

			`const isValid = verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING)`
Update to standard 7. Goodbye snake_case, I used to love you 2016-05-11 19:19:34 +00:00			`return isValid`
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`}`

Server: use crypto instead of ursa for pod signature 2017-01-04 21:23:07 +00:00			`function sign (data) {`
			`const sign = crypto.createSign(constants.SIGNATURE_ALGORITHM)`

			`let dataString`
			`if (typeof data === 'string') {`
			`dataString = data`
			`} else {`
			`try {`
			`dataString = JSON.stringify(data)`
			`} catch (err) {`
			`logger.error('Cannot sign data.', { error: err })`
			`return ''`
			`}`
			`}`

			`sign.update(dataString, 'utf8')`

			`// TODO: make async`
Server: paths refractoring 2017-01-17 20:42:47 +00:00			`const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)`
			`const myKey = fs.readFileSync(certPath)`
Server: use crypto instead of ursa for pod signature 2017-01-04 21:23:07 +00:00			`const signature = sign.sign(myKey, constants.SIGNATURE_ENCODING)`

			`return signature`
			`}`

Server: encrypt password in database 2016-08-25 15:57:37 +00:00			`function comparePassword (plainPassword, hashPassword, callback) {`
			`bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {`
			`if (err) return callback(err)`

			`return callback(null, isPasswordMatch)`
			`})`
			`}`

Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`function createCertsIfNotExist (callback) {`
Update standard -> 10 2017-04-16 12:25:37 +00:00			`certsExist(function (err, exist) {`
			`if (err) return callback(err)`

Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`if (exist === true) {`
			`return callback(null)`
			`}`

			`createCerts(function (err) {`
			`return callback(err)`
Split utils file 2016-02-05 17:03:20 +00:00			`})`
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`})`
			`}`
Split utils file 2016-02-05 17:03:20 +00:00
Server: encrypt password in database 2016-08-25 15:57:37 +00:00			`function cryptPassword (password, callback) {`
			`bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {`
			`if (err) return callback(err)`

			`bcrypt.hash(password, salt, function (err, hash) {`
			`return callback(err, hash)`
			`})`
			`})`
			`}`

Server: paths refractoring 2017-01-17 20:42:47 +00:00			`function getMyPrivateCert (callback) {`
			`const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)`
			`fs.readFile(certPath, 'utf8', callback)`
			`}`

			`function getMyPublicCert (callback) {`
			`const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PUBLIC_CERT_NAME)`
			`fs.readFile(certPath, 'utf8', callback)`
			`}`

Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`// ---------------------------------------------------------------------------`
Split utils file 2016-02-05 17:03:20 +00:00
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`module.exports = peertubeCrypto`
Split utils file 2016-02-05 17:03:20 +00:00
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`// ---------------------------------------------------------------------------`
Split utils file 2016-02-05 17:03:20 +00:00
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`function certsExist (callback) {`
Server: paths refractoring 2017-01-17 20:42:47 +00:00			`const certPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)`
Update standard -> 10 2017-04-16 12:25:37 +00:00			`fs.access(certPath, function (err) {`
			`// If there is an error the certificates do not exist`
			`const exists = !err`
			`return callback(null, exists)`
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`})`
			`}`

			`function createCerts (callback) {`
Update standard -> 10 2017-04-16 12:25:37 +00:00			`certsExist(function (err, exist) {`
			`if (err) return callback(err)`

Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`if (exist === true) {`
Use const/let now we use node 4.2 2016-03-16 21:29:27 +00:00			`const string = 'Certs already exist.'`
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`logger.warning(string)`
			`return callback(new Error(string))`
			`}`

			`logger.info('Generating a RSA key...')`
Server: put config in constants 2016-08-19 19:34:51 +00:00
Server: paths refractoring 2017-01-17 20:42:47 +00:00			`const privateCertPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, constants.PRIVATE_CERT_NAME)`
			`const genRsaOptions = {`
			`'out': privateCertPath,`
Server: put config in constants 2016-08-19 19:34:51 +00:00			`'2048': false`
			`}`
Server: paths refractoring 2017-01-17 20:42:47 +00:00			`openssl.exec('genrsa', genRsaOptions, function (err) {`
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`if (err) {`
			`logger.error('Cannot create private key on this pod.')`
			`return callback(err)`
Split utils file 2016-02-05 17:03:20 +00:00			`}`
Server: paths refractoring 2017-01-17 20:42:47 +00:00
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`logger.info('RSA key generated.')`
Server: paths refractoring 2017-01-17 20:42:47 +00:00			`logger.info('Managing public key...')`
Split utils file 2016-02-05 17:03:20 +00:00
Server: paths refractoring 2017-01-17 20:42:47 +00:00			`const publicCertPath = pathUtils.join(constants.CONFIG.STORAGE.CERT_DIR, 'peertube.pub')`
			`const rsaOptions = {`
			`'in': privateCertPath,`
Server: put config in constants 2016-08-19 19:34:51 +00:00			`'pubout': true,`
Server: paths refractoring 2017-01-17 20:42:47 +00:00			`'out': publicCertPath`
Server: put config in constants 2016-08-19 19:34:51 +00:00			`}`
Server: paths refractoring 2017-01-17 20:42:47 +00:00			`openssl.exec('rsa', rsaOptions, function (err) {`
Split utils file 2016-02-05 17:03:20 +00:00			`if (err) {`
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`logger.error('Cannot create public key on this pod.')`
Split utils file 2016-02-05 17:03:20 +00:00			`return callback(err)`
			`}`

Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`logger.info('Public key managed.')`
			`return callback(null)`
			`})`
Split utils file 2016-02-05 17:03:20 +00:00			`})`
Remove useless anonymous functions of files 2016-02-07 10:23:23 +00:00			`})`
			`}`