Jitsi JWT

Steps:

https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md

https://community.jitsi.org/t/jitsi-meet-tokens-unable-to-install/29325/5

https://github.com/ASolomatin/luajwt/tree/replace_luacrypto

https://github.com/christiancuri/Docs/blob/master/Jitsi%20Meet%20Installation.md

https://community.jitsi.org/t/heres-how-you-should-install-jitsi-meet-tokens-on-debian-10/59606

https://community.jitsi.org/t/jwt-token-authentication-broken-on-debian-10-with-openssl-1-1/31027/5

Most Important – Luarocks with lua 5.2

sudo su apt install gcc -y apt install make -y apt install cmake apt-get install libssl-dev # apt-get install libssl1.0-dev -y Gives error apt-get install luarocks luarocks install basexx apt-get install jitsi-meet-tokens

Luacrypto Installation Fails if you use

luarocks install luacrypto

AS per https://github.com/mkottman/luacrypto – LuaCrypto provides a Lua frontend to the OpenSSL cryptographic library. The OpenSSL features that are currently exposed are digests (MD5, SHA-1, HMAC, and more) and crypto-grade random number generators. LuaCrypto also supports encryption and decryption, signing and verifying, sealing and opening using the OpenSSL EVP API.

Buster comes with libssl-1.1 which is not supported by luacrypto so the fork uses luaossl which compiles fine with libssl-dev-1.1. To combat that: https://community.jitsi.org/t/jitsi-meet-tokens-unable-to-install/29325/5

cd ~ nano luajwtjitsi-1.3-7.rockspec -------------- CONTENTS OF FILE package = "luajwtjitsi" version = "1.3-7" source = { -- Use fork from ASolomatin which uses luaossl url = "git://github.com/ASolomatin/luajwt/", tag = "replace_luacrypto" } description = { summary = "JSON Web Tokens for Lua", detailed = "Very fast and compatible with pyjwt, php-jwt, ruby-jwt, node-jwt-simple and others", homepage = "https://github.com/jitsi/luajwt/", license = "MIT <http://opensource.org/licenses/MIT>" } dependencies = { -- Prosody uses lua 5.2 "lua >= 5.2", "luaossl >= 20190731-0", -- Use exact version 2.1, see https://github.com/mpx/lua-cjson/issues/56 "lua-cjson = 2.1.0", "lbase64 >= 20120807-3" } build = { type = "builtin", modules = { luajwtjitsi = "luajwtjitsi.lua" } }

Install the luajwtjitsi

sudo luarocks install luajwtjitsi-1.3-7.rockspec ---------- Output Missing dependencies for luajwtjitsi 1.3-7: luaossl >= 20190731-0 (not installed) lua-cjson == 2.1.0 (not installed) lbase64 >= 20120807-3 (not installed) luajwtjitsi 1.3-7 depends on luaossl >= 20190731-0 (not installed) Installing https://luarocks.org/luaossl-20190731-0.src.rock Applying patch config.h.diff... Hunk 1 found at offset 2... successfully patched src/openssl.c gcc -O2 -fPIC -I/usr/include/lua5.2 -c src/openssl.c -o src/openssl.o -D_REENTRANT -D_THREAD_SAFE -DCOMPAT53_PREFIX=luaossl -D_GNU_SOURCE -I/usr/include -I/usr/include In file included from src/openssl.c:12414: /usr/include/x86_64-linux-gnu/sys/sysctl.h:21:2: warning: #warning "The <sys/sysctl.h> header is deprecated and will be removed." [-Wcpp] 21 | #warning "The <sys/sysctl.h> header is deprecated and will be removed." | ^~~~~~~ src/openssl.c: In function ‘randL_stir’: src/openssl.c:12481:3: warning: ‘sysctl’ is deprecated [-Wdeprecated-declarations] 12481 | if (0 != sysctl(mib, countof(mib), data, &n, (void *)0, 0)) | ^~ In file included from src/openssl.c:12414: /usr/include/x86_64-linux-gnu/sys/sysctl.h:70:12: note: declared here 70 | extern int sysctl (int *__name, int __nlen, void *__oldval, | ^~~~~~ gcc -O2 -fPIC -I/usr/include/lua5.2 -c vendor/compat53/c-api/compat-5.3.c -o vendor/compat53/c-api/compat-5.3.o -D_REENTRANT -D_THREAD_SAFE -DCOMPAT53_PREFIX=luaossl -D_GNU_SOURCE -I/usr/include -I/usr/include gcc -shared -o _openssl.so -L/usr/local/lib src/openssl.o vendor/compat53/c-api/compat-5.3.o -L/usr/lib/x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu -Wl,-rpath,/usr/lib/x86_64-linux-gnu: -Wl,-rpath,/usr/lib/x86_64-linux-gnu: -lssl -lcrypto -lpthread -lm -ldl luaossl 20190731-0 is now installed in /usr/local (license: MIT/X11) luajwtjitsi 1.3-7 depends on lua-cjson == 2.1.0 (not installed) Installing https://luarocks.org/lua-cjson-2.1.0-1.src.rock gcc -O2 -fPIC -I/usr/include/lua5.2 -c lua_cjson.c -o lua_cjson.o In file included from lua_cjson.c:47: fpconv.h:15:20: warning: inline function ‘fpconv_init’ declared but never defined 15 | extern inline void fpconv_init(); | ^~~~~~~~~~~ gcc -O2 -fPIC -I/usr/include/lua5.2 -c strbuf.c -o strbuf.o gcc -O2 -fPIC -I/usr/include/lua5.2 -c fpconv.c -o fpconv.o gcc -shared -o cjson.so -L/usr/local/lib lua_cjson.o strbuf.o fpconv.o lua-cjson 2.1.0-1 is now installed in /usr/local (license: MIT) luajwtjitsi 1.3-7 depends on lbase64 >= 20120807-3 (not installed) Installing https://luarocks.org/lbase64-20120807-3.src.rock gcc -O2 -fPIC -I/usr/include/lua5.2 -c lbase64.c -o lbase64.o gcc -shared -o base64.so -L/usr/local/lib lbase64.o lbase64 20120807-3 is now installed in /usr/local (license: Public domain) Cloning into 'luajwt'... remote: Enumerating objects: 7, done. remote: Counting objects: 100% (7/7), done. remote: Compressing objects: 100% (7/7), done. remote: Total 7 (delta 0), reused 1 (delta 0), pack-reused 0 Receiving objects: 100% (7/7), done. luajwtjitsi 1.3-7 is now installed in /usr/local (license: MIT <http://opensource.org/licenses/MIT>)

install basexx

luarocks install basexx Installing https://luarocks.org/basexx-0.4.1-1.rockspec basexx 0.4.1-1 is now installed in /usr/local (license: MIT)

Prosody CONFIGURATION : https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md

plugin_paths = { "/usr/local/lib/prosody/modules", "/usr/share/jitsi-meet/prosody-plugins/" } c2s_require_encryption = false Include "conf.d/*.cfg.lua"

Open /etc/prosody/conf.avail/<host>.cfg.lua and add above lines with your issuers and audiences

asap_accepted_issuers = { "jitsi", "smash" } asap_accepted_audiences = { "jitsi", "smash" }
# luarocks install luacrypto Installing https://luarocks.org/luacrypto-0.3.2-2.src.rock gcc -O2 -fPIC -I/usr/include/lua5.2 -c src/lcrypto.c -o src/lcrypto.o -I/usr/include src/lcrypto.c: In function ‘digest_pnew’: src/lcrypto.c:81:61: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_MD_CTX’ {aka ‘struct evp_md_ctx_st’} 81 | EVP_MD_CTX *c = (EVP_MD_CTX *)lua_newuserdata(L, sizeof(EVP_MD_CTX)); | ^~~~~~~~~~ src/lcrypto.c: In function ‘digest_reset’: src/lcrypto.c:120:10: warning: implicit declaration of function ‘EVP_MD_CTX_cleanup’; did you mean ‘EVP_MD_CTX_create’? [-Wimplicit-function-declaration] 120 | if (!EVP_MD_CTX_cleanup(c)) | ^~~~~~~~~~~~~~~~~~ | EVP_MD_CTX_create src/lcrypto.c: In function ‘encrypt_pnew’: src/lcrypto.c:331:69: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_CIPHER_CTX’ {aka ‘struct evp_cipher_ctx_st’} 331 | EVP_CIPHER_CTX *c = (EVP_CIPHER_CTX *)lua_newuserdata(L, sizeof(EVP_CIPHER_CTX)); | ^~~~~~~~~~~~~~ src/lcrypto.c: In function ‘encrypt_fencrypt’: src/lcrypto.c:425:20: error: storage size of ‘c’ isn’t known 425 | EVP_CIPHER_CTX c; | ^ src/lcrypto.c: In function ‘decrypt_pnew’: src/lcrypto.c:470:69: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_CIPHER_CTX’ {aka ‘struct evp_cipher_ctx_st’} 470 | EVP_CIPHER_CTX *c = (EVP_CIPHER_CTX *)lua_newuserdata(L, sizeof(EVP_CIPHER_CTX)); | ^~~~~~~~~~~~~~ src/lcrypto.c: In function ‘decrypt_fdecrypt’: src/lcrypto.c:561:20: error: storage size of ‘c’ isn’t known 561 | EVP_CIPHER_CTX c; | ^ src/lcrypto.c: In function ‘hmac_pnew’: src/lcrypto.c:604:57: error: invalid application of ‘sizeof’ to incomplete type ‘HMAC_CTX’ {aka ‘struct hmac_ctx_st’} 604 | HMAC_CTX *c = (HMAC_CTX *)lua_newuserdata(L, sizeof(HMAC_CTX)); | ^~~~~~~~ src/lcrypto.c: In function ‘hmac_fnew’: src/lcrypto.c:621:5: warning: implicit declaration of function ‘HMAC_CTX_init’; did you mean ‘HMAC_CTX_new’? [-Wimplicit-function-declaration] 621 | HMAC_CTX_init(c); | ^~~~~~~~~~~~~ | HMAC_CTX_new src/lcrypto.c: In function ‘hmac_clone’: src/lcrypto.c:631:5: error: dereferencing pointer to incomplete type ‘HMAC_CTX’ {aka ‘struct hmac_ctx_st’} 631 | *d = *c; | ^~ src/lcrypto.c: In function ‘hmac_gc’: src/lcrypto.c:697:5: warning: implicit declaration of function ‘HMAC_CTX_cleanup’ [-Wimplicit-function-declaration] 697 | HMAC_CTX_cleanup(c); | ^~~~~~~~~~~~~~~~ src/lcrypto.c: In function ‘hmac_fdigest’: src/lcrypto.c:711:14: error: storage size of ‘c’ isn’t known 711 | HMAC_CTX c; | ^ src/lcrypto.c: In function ‘sign_pnew’: src/lcrypto.c:747:61: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_MD_CTX’ {aka ‘struct evp_md_ctx_st’} 747 | EVP_MD_CTX *c = (EVP_MD_CTX *)lua_newuserdata(L, sizeof(EVP_MD_CTX)); | ^~~~~~~~~~ src/lcrypto.c: In function ‘sign_fsign’: src/lcrypto.c:828:20: error: storage size of ‘c’ isn’t known 828 | EVP_MD_CTX c; | ^ src/lcrypto.c: In function ‘verify_pnew’: src/lcrypto.c:857:61: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_MD_CTX’ {aka ‘struct evp_md_ctx_st’} 857 | EVP_MD_CTX *c = (EVP_MD_CTX *)lua_newuserdata(L, sizeof(EVP_MD_CTX)); | ^~~~~~~~~~ src/lcrypto.c: In function ‘verify_fverify’: src/lcrypto.c:940:20: error: storage size of ‘c’ isn’t known 940 | EVP_MD_CTX c; | ^ src/lcrypto.c: In function ‘rand_pseudo_bytes’: src/lcrypto.c:992:5: warning: ‘RAND_pseudo_bytes’ is deprecated [-Wdeprecated-declarations] 992 | return rand_do_bytes(L, RAND_pseudo_bytes); | ^~~~~~ In file included from /usr/include/openssl/e_os2.h:13, from /usr/include/openssl/err.h:13, from src/lcrypto.c:7: /usr/include/openssl/rand.h:44:1: note: declared here 44 | DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) | ^~~~~~~~~~~~~~~~~~ src/lcrypto.c: In function ‘pkey_generate’: src/lcrypto.c:1064:9: warning: ‘RSA_generate_key’ is deprecated [-Wdeprecated-declarations] 1064 | RSA *rsa = RSA_generate_key(key_len, RSA_F4, NULL, NULL); | ^~~ In file included from /usr/include/openssl/e_os2.h:13, from /usr/include/openssl/err.h:13, from src/lcrypto.c:7: /usr/include/openssl/rsa.h:235:1: note: declared here 235 | DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void | ^~~~~~~~~~~~~~~~~~ src/lcrypto.c:1074:9: warning: ‘DSA_generate_parameters’ is deprecated [-Wdeprecated-declarations] 1074 | DSA *dsa = DSA_generate_parameters(key_len, NULL, 0, NULL, NULL, NULL, NULL); | ^~~ In file included from /usr/include/openssl/e_os2.h:13, from /usr/include/openssl/err.h:13, from src/lcrypto.c:7: /usr/include/openssl/dsa.h:117:1: note: declared here 117 | DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, | ^~~~~~~~~~~~~~~~~~ src/lcrypto.c: In function ‘pkey_to_pem’: src/lcrypto.c:1164:27: error: dereferencing pointer to incomplete type ‘struct evp_pkey_st’ 1164 | if (private && pkey_st->type == EVP_PKEY_DSA) | ^~ src/lcrypto.c: In function ‘pkey_tostring’: src/lcrypto.c:1277:60: error: dereferencing pointer to incomplete type ‘EVP_PKEY’ {aka ‘struct evp_pkey_st’} 1277 | sprintf(buf, "%s %s %d %p", LUACRYPTO_PKEYNAME, (*pkey)->type == EVP_PKEY_DSA ? "DSA" : "RSA", EVP_PKEY_bits(*pkey), pkey); | ^~ src/lcrypto.c: In function ‘seal_pnew’: src/lcrypto.c:1299:46: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_CIPHER_CTX’ {aka ‘struct evp_cipher_ctx_st’} 1299 | c->ctx = (EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX)); | ^~~~~~~~~~~~~~ In file included from src/lcrypto.c:8: src/lcrypto.c: In function ‘seal_tostring’: src/lcrypto.c:1320:81: error: dereferencing pointer to incomplete type ‘EVP_CIPHER_CTX’ {aka ‘struct evp_cipher_ctx_st’} 1320 | sprintf(s, "%s %p %s", LUACRYPTO_SEALNAME, (void *)c, EVP_CIPHER_name(c->ctx->cipher)); | ^~ src/lcrypto.c: In function ‘seal_fseal’: src/lcrypto.c:1400:20: error: storage size of ‘ctx’ isn’t known 1400 | EVP_CIPHER_CTX ctx; | ^~~ src/lcrypto.c: In function ‘open_pnew’: src/lcrypto.c:1483:46: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_CIPHER_CTX’ {aka ‘struct evp_cipher_ctx_st’} 1483 | c->ctx = (EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX)); | ^~~~~~~~~~~~~~ src/lcrypto.c: In function ‘open_fopen’: src/lcrypto.c:1602:20: error: storage size of ‘ctx’ isn’t known 1602 | EVP_CIPHER_CTX ctx; | ^~~