jitsi · bgrozev · Nov 13, 2024 · Nov 12, 2024 · Nov 12, 2024
diff --git a/pom.xml b/pom.xml
@@ -20,8 +20,7 @@
         <kotest.version>5.7.2</kotest.version>
         <mockk.version>1.13.8</mockk.version>
         <ktor.version>3.0.0</ktor.version>
-        <jwt.version>0.11.5</jwt.version>
-        <jicoco.version>1.1-143-g175c44b</jicoco.version>
+        <jicoco.version>1.1-145-g9a3479a</jicoco.version>
         <jitsi.utils.version>1.0-127-g6c65524</jitsi.utils.version>
     </properties>
 
@@ -57,6 +56,11 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>jicoco-jwt</artifactId>
+            <version>${jicoco.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.jetbrains.kotlin</groupId>
             <artifactId>kotlin-stdlib</artifactId>
@@ -179,24 +183,6 @@
             <artifactId>config</artifactId>
             <version>1.4.0</version>
         </dependency>
-        <dependency>
-            <groupId>io.jsonwebtoken</groupId>
-            <artifactId>jjwt-api</artifactId>
-            <version>${jwt.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>io.jsonwebtoken</groupId>
-            <artifactId>jjwt-impl</artifactId>
-            <version>${jwt.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>io.jsonwebtoken</groupId>
-            <artifactId>jjwt-jackson</artifactId>
-            <version>${jwt.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-
         <!-- testing -->
         <dependency>
             <groupId>org.jitsi</groupId>

diff --git a/src/main/kotlin/org/jitsi/jibri/util/RefreshingProperty.kt b/src/main/kotlin/org/jitsi/jibri/util/RefreshingProperty.kt
diff --git a/src/main/kotlin/org/jitsi/jibri/webhooks/v1/WebhookClient.kt b/src/main/kotlin/org/jitsi/jibri/webhooks/v1/WebhookClient.kt
@@ -16,9 +16,6 @@
 
 package org.jitsi.jibri.webhooks.v1
 
-import com.typesafe.config.ConfigObject
-import io.jsonwebtoken.Jwts
-import io.jsonwebtoken.SignatureAlgorithm
 import io.ktor.client.HttpClient
 import io.ktor.client.engine.apache.Apache
 import io.ktor.client.plugins.HttpRequestTimeoutException
@@ -37,29 +34,21 @@ import io.ktor.serialization.jackson.jackson
 import kotlinx.coroutines.asCoroutineDispatcher
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.runBlocking
-import org.bouncycastle.openssl.PEMKeyPair
-import org.bouncycastle.openssl.PEMParser
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter
 import org.jitsi.jibri.config.Config
 import org.jitsi.jibri.status.JibriSessionStatus
 import org.jitsi.jibri.status.JibriStatus
-import org.jitsi.jibri.util.RefreshingProperty
 import org.jitsi.jibri.util.TaskPools
+import org.jitsi.jwt.JwtInfo
+import org.jitsi.jwt.RefreshingJwt
 import org.jitsi.metaconfig.optionalconfig
 import org.jitsi.utils.logging2.createLogger
-import java.io.FileReader
-import java.security.PrivateKey
-import java.time.Clock
-import java.time.Duration
-import java.util.Date
 import java.util.concurrent.CopyOnWriteArraySet
 
 /**
  * A client for notifying subscribers of Jibri events
  */
 class WebhookClient(
     private val jibriId: String,
-    private val clock: Clock = Clock.systemUTC(),
     client: HttpClient = HttpClient(Apache)
 ) {
     private val logger = createLogger()
@@ -70,17 +59,7 @@ class WebhookClient(
     }
 
     // We refresh 5 minutes before the expiration
-    private val jwt: String? by RefreshingProperty(jwtInfo?.ttl?.minus(Duration.ofMinutes(5)) ?: INFINITE) {
-        jwtInfo?.let {
-            Jwts.builder()
-                .setHeaderParam("kid", it.kid)
-                .setIssuer(it.issuer)
-                .setAudience(it.audience)
-                .setExpiration(Date.from(clock.instant().plus(it.ttl)))
-                .signWith(it.privateKey, SignatureAlgorithm.RS256)
-                .compact()
-        }
-    }
+    private val jwt: String? by RefreshingJwt(jwtInfo)
 
     private val client = client.config {
         expectSuccess = false
@@ -92,7 +71,7 @@ class WebhookClient(
         }
         jwt?.let {
             defaultRequest {
-                bearerAuth("$jwt")
+                bearerAuth(it)
             }
         }
     }
@@ -146,8 +125,6 @@ class WebhookClient(
     }
 }
 
-private val INFINITE = Duration.ofSeconds(Long.MAX_VALUE)
-
 /**
  * Just like [HttpClient.post], but automatically sets the content type to
  * [ContentType.Application.Json].
@@ -159,45 +136,3 @@ private suspend inline fun HttpClient.postJson(
     block()
     contentType(ContentType.Application.Json)
 }
-
-private data class JwtInfo(
-    val privateKey: PrivateKey,
-    val kid: String,
-    val issuer: String,
-    val audience: String,
-    val ttl: Duration
-) {
-    companion object {
-        private val logger = createLogger()
-        fun fromConfig(jwtConfigObj: ConfigObject): JwtInfo {
-            // Any missing or incorrect value here will throw, which is what we want:
-            // If anything is wrong, we should fail to create the JwtInfo
-            val jwtConfig = jwtConfigObj.toConfig()
-            logger.info("got jwtConfig: ${jwtConfig.root().render()}")
-            try {
-                return JwtInfo(
-                    privateKey = parseKeyFile(jwtConfig.getString("signing-key-path")),
-                    kid = jwtConfig.getString("kid"),
-                    issuer = jwtConfig.getString("issuer"),
-                    audience = jwtConfig.getString("audience"),
-                    ttl = jwtConfig.getDuration("ttl").withMinimum(Duration.ofMinutes(10))
-                )
-            } catch (t: Throwable) {
-                logger.info("Unable to create JwtInfo: $t")
-                throw t
-            }
-        }
-    }
-}
-
-private fun parseKeyFile(keyFilePath: String): PrivateKey {
-    val parser = PEMParser(FileReader(keyFilePath))
-    return (parser.readObject() as PEMKeyPair).let { pemKeyPair ->
-        JcaPEMKeyConverter().getKeyPair(pemKeyPair).private
-    }
-}
-
-/**
- * Returns [min] if this Duration is less than that minimum, otherwise this
- */
-private fun Duration.withMinimum(min: Duration): Duration = maxOf(this, min)
diff --git a/src/test/kotlin/org/jitsi/jibri/util/RefreshingPropertyTest.kt b/src/test/kotlin/org/jitsi/jibri/util/RefreshingPropertyTest.kt