1 import * as crypto from 'crypto'
2 import * as fs from 'fs'
3 import { join } from 'path'
12 } from '../initializers'
21 import { logger } from './logger'
// Verifies that `hexSignature` is a valid signature of `data` under `publicKey`.
// SIGNATURE_ALGORITHM and SIGNATURE_ENCODING are not defined in this listing.
// A successful check only shows that the holder of the private key matching
// `publicKey` signed the data; tying that key to a particular sender is the
// caller's responsibility.
// NOTE(review): `data` is annotated as string, but the body keeps a non-string
// branch that serializes with JSON.stringify(), and sign() accepts string|Object.
// JSON.stringify() output depends on property insertion order, so signer and
// verifier must serialize an object identically or a valid signature is rejected.
23 function checkSignature (publicKey: string, data: string, hexSignature: string) {
24 const verify = crypto.createVerify(SIGNATURE_ALGORITHM)
27 if (typeof data === 'string') {
// Non-string input is serialized before it is fed to the verifier.
31 dataString = JSON.stringify(data)
// The surrounding lines are not in this listing; presumably this runs when
// serialization throws - confirm that the function then rejects the signature.
33 logger.error('Cannot check signature.', { error: err })
38 verify.update(dataString, 'utf8')
40 const isValid = verify.verify(publicKey, hexSignature, SIGNATURE_ENCODING)
// Signs `data` with the private key stored at CERT_DIR/PRIVATE_CERT_NAME, using
// SIGNATURE_ALGORITHM; the signature is encoded with SIGNATURE_ENCODING.
44 function sign (data: string|Object) {
// This local shadows the enclosing function's own name inside the body.
45 const sign = crypto.createSign(SIGNATURE_ALGORITHM)
47 let dataString: string
48 if (typeof data === 'string') {
// Objects are serialized with JSON.stringify(); the verifying side has to
// rebuild exactly the same string for the signature to match.
52 dataString = JSON.stringify(data)
54 logger.error('Cannot sign data.', { error: err })
59 sign.update(dataString, 'utf8')
62 const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
// The private key is read synchronously from disk on every call, which blocks
// the event loop for the duration of the read; getMyPrivateCert() reads the
// same path asynchronously.
// NOTE(review): nothing visible here checks who can read the key file - confirm
// that CERT_DIR is restricted to the service account.
63 const myKey = fs.readFileSync(certPath)
64 const signature = sign.sign(myKey.toString(), SIGNATURE_ENCODING)
// Compares a plaintext password with a stored hash by delegating to
// bcryptComparePromise, which is defined outside this listing (presumably it
// resolves to a boolean - confirm against the wrapper).
69 function comparePassword (plainPassword: string, hashPassword: string) {
70 return bcryptComparePromise(plainPassword, hashPassword)
// Asks certsExist() whether a key is already present and acts on the answer.
// The callback body is not part of this listing; presumably it calls
// createCerts() only when nothing exists - confirm.
73 function createCertsIfNotExist () {
74 return certsExist().then(exist => {
// Hashes a password: a salt is generated first, then the password is hashed
// with that salt.
// NOTE(review): if bcryptGenSaltPromise wraps bcrypt's genSalt, its argument is
// the cost factor (rounds) rather than a salt length in bytes - confirm that
// BCRYPT_SALT_SIZE is chosen as a work factor.
83 function cryptPassword (password: string) {
84 return bcryptGenSaltPromise(BCRYPT_SALT_SIZE).then(salt => bcryptHashPromise(password, salt))
// Reads the private key file at CERT_DIR/PRIVATE_CERT_NAME as UTF-8 text through
// readFilePromise. The result is secret key material: callers should keep it
// out of logs and responses.
87 function getMyPrivateCert () {
88 const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
89 return readFilePromise(certPath, 'utf8')
// Reads the public key file at CERT_DIR/PUBLIC_CERT_NAME as UTF-8 text through
// readFilePromise.
92 function getMyPublicCert () {
93 const certPath = join(CONFIG.STORAGE.CERT_DIR, PUBLIC_CERT_NAME)
94 return readFilePromise(certPath, 'utf8')
97 // ---------------------------------------------------------------------------
102 createCertsIfNotExist,
109 // ---------------------------------------------------------------------------
// Probes the private key file to decide whether the key pair is present.
// createCerts() compares the result with `true`, so the promise presumably
// resolves to a boolean; the continuation is not part of this listing.
// NOTE(review): only the private key path is probed, so a missing public key
// next to an existing private key would still count as "exists" - TODO confirm.
111 function certsExist () {
112 const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
114 // If there is an error the certificates do not exist
115 return accessPromise(certPath)
// Generates an RSA private key ('genrsa') and then derives the public key from
// it ('rsa'), both through opensslExecPromise. Throws when certsExist() reports
// that a key is already present.
// NOTE(review): the existence check and the generation are separate steps, so
// two concurrent callers could both pass the check - confirm this only runs
// once at start-up.
120 function createCerts () {
121 return certsExist().then(exist => {
// Refuse to overwrite an existing key.
122 if (exist === true) {
123 const errorMessage = 'Certs already exist.'
124 logger.warning(errorMessage)
125 throw new Error(errorMessage)
128 logger.info('Generating a RSA key...')
130 const privateCertPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
131 const genRsaOptions = {
// NOTE(review): the remaining genrsa options, including the key size, are not
// visible in this listing - confirm the modulus is at least 2048 bits.
// No step visible here restricts the permissions of the written key file.
132 'out': privateCertPath,
135 return opensslExecPromise('genrsa', genRsaOptions)
137 logger.info('RSA key generated.')
138 logger.info('Managing public key...')
// NOTE(review): the file name is hard-coded here while getMyPublicCert() reads
// PUBLIC_CERT_NAME; the two must stay equal or the generated key is never found.
140 const publicCertPath = join(CONFIG.STORAGE.CERT_DIR, 'peertube.pub')
142 'in': privateCertPath,
144 'out': publicCertPath
146 return opensslExecPromise('rsa', rsaOptions)
147 .then(() => logger.info('Public key managed.'))
// The two messages below belong to failure handlers whose surrounding lines
// are not part of this listing.
149 logger.error('Cannot create public key on this pod.')
154 logger.error('Cannot create private key on this pod.')