From 63ae0f3d292fc3834c98bc6e7cda3c0ea6ea1e57 Mon Sep 17 00:00:00 2001 From: RazvanP Date: Mon, 4 Mar 2024 16:17:58 +0200 Subject: [PATCH 1/2] allow connection to a whisper server which doesn't enforce auth --- .../transcription/WhisperWebsocket.java | 38 +++++++++++-------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/src/main/java/org/jitsi/jigasi/transcription/WhisperWebsocket.java b/src/main/java/org/jitsi/jigasi/transcription/WhisperWebsocket.java index 390a29d51..28328f324 100644 --- a/src/main/java/org/jitsi/jigasi/transcription/WhisperWebsocket.java +++ b/src/main/java/org/jitsi/jigasi/transcription/WhisperWebsocket.java @@ -109,21 +109,29 @@ public class WhisperWebsocket private String getJWT() throws NoSuchAlgorithmException, InvalidKeySpecException { - long nowMillis = System.currentTimeMillis(); - Date now = new Date(nowMillis); - KeyFactory kf = KeyFactory.getInstance("RSA"); - PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)); - PrivateKey finalPrivateKey = kf.generatePrivate(keySpecPKCS8); - JwtBuilder builder = Jwts.builder() - .setHeaderParam("kid", privateKeyName) - .setIssuedAt(now) - .setAudience(jwtAudience) - .setIssuer("jigasi") - .signWith(finalPrivateKey, SignatureAlgorithm.RS256); - long expires = nowMillis + (60 * 5 * 1000); - Date expiry = new Date(expires); - builder.setExpiration(expiry); - return builder.compact(); + try + { + long nowMillis = System.currentTimeMillis(); + Date now = new Date(nowMillis); + KeyFactory kf = KeyFactory.getInstance("RSA"); + PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)); + PrivateKey finalPrivateKey = kf.generatePrivate(keySpecPKCS8); + JwtBuilder builder = Jwts.builder() + .setHeaderParam("kid", privateKeyName) + .setIssuedAt(now) + .setAudience(jwtAudience) + .setIssuer("jigasi") + .signWith(finalPrivateKey, SignatureAlgorithm.RS256); + long expires = nowMillis + (60 * 5 * 1000); + Date expiry = new Date(expires); + builder.setExpiration(expiry); + return builder.compact(); + } + catch (Exception e) + { + logger.error("Failed generating JWT for Whisper. " + e); + } + return null; } /** From 2355c6e87947c66e062d92f04fd1c55463a54c94 Mon Sep 17 00:00:00 2001 From: RazvanP Date: Mon, 4 Mar 2024 16:49:58 +0200 Subject: [PATCH 2/2] Make jwt auth properties static --- .../transcription/WhisperWebsocket.java | 90 ++++++++++--------- 1 file changed, 48 insertions(+), 42 deletions(-) diff --git a/src/main/java/org/jitsi/jigasi/transcription/WhisperWebsocket.java b/src/main/java/org/jitsi/jigasi/transcription/WhisperWebsocket.java index 28328f324..d9c69351e 100644 --- a/src/main/java/org/jitsi/jigasi/transcription/WhisperWebsocket.java +++ b/src/main/java/org/jitsi/jigasi/transcription/WhisperWebsocket.java @@ -88,7 +88,7 @@ public class WhisperWebsocket * The config value of the websocket to the speech-to-text * service. */ - private String websocketUrlConfig; + private final static String websocketUrlConfig; /** * The URL of the websocket to the speech-to-text service. @@ -100,38 +100,61 @@ public class WhisperWebsocket */ private final String connectionId = UUID.randomUUID().toString(); - private String privateKey; + private final static String privateKey; - private String privateKeyName; + private final static String privateKeyName; - private String jwtAudience; + private final static String jwtAudience; - - private String getJWT() throws NoSuchAlgorithmException, InvalidKeySpecException + static { - try + jwtAudience = JigasiBundleActivator.getConfigurationService() + .getString(JWT_AUDIENCE, "jitsi"); + privateKey = JigasiBundleActivator.getConfigurationService() + .getString(PRIVATE_KEY, ""); + privateKeyName = JigasiBundleActivator.getConfigurationService() + .getString(PRIVATE_KEY_NAME, ""); + if (privateKey.isEmpty() || privateKeyName.isEmpty()) { - long nowMillis = System.currentTimeMillis(); - Date now = new Date(nowMillis); - KeyFactory kf = KeyFactory.getInstance("RSA"); - PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)); - PrivateKey finalPrivateKey = kf.generatePrivate(keySpecPKCS8); - JwtBuilder builder = Jwts.builder() - .setHeaderParam("kid", privateKeyName) - .setIssuedAt(now) - .setAudience(jwtAudience) - .setIssuer("jigasi") - .signWith(finalPrivateKey, SignatureAlgorithm.RS256); - long expires = nowMillis + (60 * 5 * 1000); - Date expiry = new Date(expires); - builder.setExpiration(expiry); - return builder.compact(); + logger.warn("org.jitsi.jigasi.transcription.whisper.private_key_name or " + + "org.jitsi.jigasi.transcription.whisper.private_key are empty." + + "Will not generate a JWT for skynet/streaming-whisper."); } - catch (Exception e) + + String wsUrlConfig = JigasiBundleActivator.getConfigurationService() + .getString(WEBSOCKET_URL, DEFAULT_WEBSOCKET_URL); + if (wsUrlConfig.endsWith("/")) { - logger.error("Failed generating JWT for Whisper. " + e); + websocketUrlConfig = wsUrlConfig.substring(0, wsUrlConfig.length() - 1); + } + else + { + websocketUrlConfig = wsUrlConfig; + } + logger.info("Websocket transcription streaming endpoint: " + websocketUrlConfig); + } + + private String getJWT() throws NoSuchAlgorithmException, InvalidKeySpecException + { + if (privateKey.isEmpty() || privateKeyName.isEmpty()) + { + return null; } - return null; + long nowMillis = System.currentTimeMillis(); + Date now = new Date(nowMillis); + KeyFactory kf = KeyFactory.getInstance("RSA"); + PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)); + PrivateKey finalPrivateKey = kf.generatePrivate(keySpecPKCS8); + JwtBuilder builder = Jwts.builder() + .setHeaderParam("kid", privateKeyName) + .setIssuedAt(now) + .setAudience(jwtAudience) + .setIssuer("jigasi") + .signWith(finalPrivateKey, SignatureAlgorithm.RS256); + long expires = nowMillis + (60 * 5 * 1000); + Date expiry = new Date(expires); + builder.setExpiration(expiry); + return builder.compact(); } /** @@ -140,7 +163,6 @@ private String getJWT() throws NoSuchAlgorithmException, InvalidKeySpecException */ private void generateWebsocketUrl() { - getConfig(); try { websocketUrl = websocketUrlConfig + "/" + connectionId + "?auth_token=" + getJWT(); @@ -155,22 +177,6 @@ private void generateWebsocketUrl() } } - private void getConfig() - { - jwtAudience = JigasiBundleActivator.getConfigurationService() - .getString(JWT_AUDIENCE, "jitsi"); - websocketUrlConfig = JigasiBundleActivator.getConfigurationService() - .getString(WEBSOCKET_URL, DEFAULT_WEBSOCKET_URL); - if (websocketUrlConfig.endsWith("/")) - { - websocketUrlConfig = websocketUrlConfig.substring(0, websocketUrlConfig.length() - 1); - } - privateKey = JigasiBundleActivator.getConfigurationService() - .getString(PRIVATE_KEY, ""); - privateKeyName = JigasiBundleActivator.getConfigurationService() - .getString(PRIVATE_KEY_NAME, ""); - logger.info("Websocket streaming endpoint: " + websocketUrlConfig); - } /** * Connect to the websocket, retry up to maxRetryAttempts