- ported functionality from the jwt module to support libjwt v3.2.0+ API changes
- added support for new JWT algorithms available in the latest library
- removed key_mode and added leeway_sec parameter
- included documentation

#### Pre-Submission Checklist
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated)

#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

#### Checklist:
- [ ] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)

#### Description
This PR introduces jwt3, a new module providing JSON Web Token support using 
libjwt version 3.2.0 or higher.

The existing jwt module relies on older versions of the library; however, 
libjwt v3.2.0 introduced significant API changes and new features that are not 
backward compatible. jwt3 was created to support the latest library version.

Changes
- Library Compatibility: Ported core functionality to support the libjwt v3.2.0+ API.
- Algorithm Support: Added support for JWT signing/verification algorithms made available in the latest library releases.
- Parameter Updates:
  - Removed the `key_mode` parameter.
  - Added a new `leeway_sec` parameter to allow for clock drift during token validation (sets the global leeway for exp and nbf claims).
- Enhanced Key Management: libjwt v3.2.0+ natively uses JWK/JWKS formats; this module includes an OpenSSL 3-based conversion layer to provide seamless backward compatibility by allowing keys to be loaded via:
  - PEM strings (direct configuration parameters)
  - PEM files (legacy public/private key files)
  - JWK/JWKS files (native JSON format)
- KEMI Support: Export of functions to the Kamailio Embedded Interface (KEMI).
- Documentation: DocBook documentation included, covering all exported functions and parameters.

Testing
- Verified compilation on Alpine 3.19.
- Validated against libjwt v3.2.3.
- Tested jwt3_verify() and jwt3_generate() using e.g. ES256 algorithms.

```
    # Generate an ES256 token; the result is read back from $jwt3(val)
    jwt3_generate("/etc/kamailio/certs/ec_key.pem", "ES256",
            "caller='abcd';callee='xyz';callid='abc123';index=100",
            "kid=wk123");
    xlog("L_INFO", "$jwt3(val)\n");

    # Verify the generated token with the matching public key
    if(!jwt3_verify("/etc/kamailio/certs/ec_key_pub.pem", "ES256",
            "caller='abcd';callee='xyz';callid='abc123';index=100",
            "$jwt3(val)")) {
        xlog("L_WARN", "INVALID -\n");
        xlog("L_WARN", "status: $jwt3(status)\n");
    } else {
        xlog("L_INFO", "VALID ---\n");
        xlog("L_INFO", "status: $jwt3(status)\n");
    }
```
You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/4584

-- Commit Summary --

  * jwt3: initial implementation for libjwt v3.2.0+

-- File Changes --

    A src/modules/jwt3/Makefile (25)
    A src/modules/jwt3/doc/Makefile (4)
    A src/modules/jwt3/doc/jwt3.xml (45)
    A src/modules/jwt3/doc/jwt3_admin.xml (286)
    A src/modules/jwt3/jwt3_mod.c (913)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/4584.patch
https://github.com/kamailio/kamailio/pull/4584.diff

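The PR description above says `leeway_sec` sets a global leeway for the `exp` and `nbf` claims. The following is an added example, not code from jwt3 or libjwt, showing how such a leeway moves both ends of the acceptance window defined by RFC 7519; the function name, the status enum and the `has_exp`/`has_nbf` flags are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes; not jwt3's or libjwt's own. */
typedef enum { TOK_OK = 0, TOK_EXPIRED, TOK_NOT_YET_VALID } tok_status;

/* Saturating add/sub (b >= 0) so a huge claim or leeway cannot wrap. */
static int64_t sat_add(int64_t a, int64_t b)
{
	return (a > INT64_MAX - b) ? INT64_MAX : a + b;
}
static int64_t sat_sub(int64_t a, int64_t b)
{
	return (a < INT64_MIN + b) ? INT64_MIN : a - b;
}

/*
 * Check exp/nbf (seconds since the epoch) against `now` with a leeway.
 * has_exp/has_nbf say whether the claim is present in the token.
 * RFC 7519: a token is valid while now < exp and now >= nbf; the leeway
 * moves each bound outward by leeway_sec.
 */
tok_status check_time_claims(int64_t now, int has_exp, int64_t exp,
		int has_nbf, int64_t nbf, int64_t leeway_sec)
{
	if(leeway_sec < 0)
		leeway_sec = 0; /* a negative leeway would shrink the window */
	if(has_exp && now >= sat_add(exp, leeway_sec))
		return TOK_EXPIRED;
	if(has_nbf && now < sat_sub(nbf, leeway_sec))
		return TOK_NOT_YET_VALID;
	return TOK_OK;
}

int main(void)
{
	/* Constructed sample: token valid from t=1000 up to t=1600. */
	int64_t nbf = 1000, exp = 1600;
	int64_t times[] = {960, 995, 1600, 1629, 1630};
	for(size_t i = 0; i < sizeof(times) / sizeof(times[0]); i++)
		printf("now=%lld leeway=0 -> %d, leeway=30 -> %d\n",
				(long long)times[i],
				(int)check_time_claims(times[i], 1, exp, 1, nbf, 0),
				(int)check_time_claims(times[i], 1, exp, 1, nbf, 30));
	return 0;
}
```

The leeway applies in both directions, so a larger value also lengthens how long an expired token is still accepted; size it to the clock skew actually observed between issuer and verifier.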