fix: update jjwt version (#846)

* chore: update jjwt version

Author: manisha1997

CHANGES.md

@@ -1,6 +1,39 @@
 twilio-java changelog
 =====================
 
+**AccessToken**
+
+- **Breaking Change**: Updated `AccessTokenBuilder` to use `byte[]` for the `secret` instead of `String`.
+    - Updated method signatures:
+        - `AccessTokenBuilder(String accountSid, String keySid, byte[] secret)`
+    - Example usage:
+      ```java
+      byte[] secret = "your_secret".getBytes();
+      AccessTokenBuilder builder = new AccessTokenBuilder(accountSid, keySid, secret);
+      ```
+
+**ClientCapability**
+
+- **Breaking Change**: Updated `ClientCapability.Builder` to use `byte[]` for the `authToken` instead of `String`.
+    - Updated method signatures:
+        - `ClientCapability.Builder(String accountSid, byte[] authToken)`
+    - Example usage:
+      ```java
+      byte[] authToken = "your_auth_token".getBytes();
+      ClientCapability.Builder builder = new ClientCapability.Builder(accountSid, authToken);
+      ```
+
+**TaskRouterCapability**
+
+- **Breaking Change**: Updated `TaskRouterCapability.Builder` to use `byte[]` for the `authToken` instead of `String`.
+    - Updated method signatures:
+        - `TaskRouterCapability.Builder(String accountSid, byte[] authToken)`
+    - Example usage:
+      ```java
+      byte[] authToken = "your_auth_token".getBytes();
+      TaskRouterCapability.Builder builder = new TaskRouterCapability.Builder(accountSid, authToken);
+      ```
+
 [2025-04-07] Version 10.7.2
 ---------------------------
 **Library - Chore**

UPGRADE.md

@@ -703,4 +703,4 @@ Task.reader("WS123").setAssignmentStatus(Lists.newArrayList(
     Task.Status.ASSIGNED.toString(), 
     Task.Status.CANCELED.toString()
 )).read();
-```
+```

pom.xml

@@ -169,7 +169,7 @@
   <properties>
     <jackson.version>2.15.0</jackson.version>
     <javadoc.plugin.version>3.3.1</javadoc.plugin.version>
-    <jjwt.version>0.11.2</jjwt.version>
+    <jjwt.version>0.12.6</jjwt.version>
     <skip.tests>false</skip.tests>
     <dependency.skip>false</dependency.skip>
     <sonar.organization>twilio</sonar.organization>
@@ -337,6 +337,11 @@
         </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>com.google.code.gson</groupId>
+      <artifactId>gson</artifactId>
+      <version>2.8.6</version>
+    </dependency>
   </dependencies>
   <build>
     <plugins>
@@ -491,4 +496,4 @@
     <artifactId>oss-parent</artifactId>
     <version>7</version>
   </parent>
-</project>
+</project>

src/main/java/com/twilio/example/AccessTokenExample.java

@@ -0,0 +1,38 @@
+package com.twilio.example;
+
+import com.twilio.jwt.accesstoken.AccessToken;
+import com.twilio.jwt.accesstoken.VoiceGrant;
+import java.util.HashMap;
+import com.google.gson.Gson;
+
+public class AccessTokenExample {
+  public static void main(String args[]){
+    String acctSid = System.getenv("TWILIO_ACCOUNT_SID");
+    String applicationSid = System.getenv("TWILIO_TWIML_APP_SID");
+    String apiKey = System.getenv("API_KEY");
+    String apiSecret = System.getenv("API_SECRET");
+    // Create Voice grant
+    VoiceGrant grant = new VoiceGrant();
+    grant.setOutgoingApplicationSid(applicationSid);
+
+    // Optional: add to allow incoming calls
+    grant.setIncomingAllow(true);
+
+    String randomIdentity = "random-identity";
+    // Create access token
+    AccessToken accessToken = new AccessToken.Builder(acctSid, apiKey, apiSecret.getBytes())
+        .identity(randomIdentity)
+        .grant(grant)
+        .build();
+
+    String token = accessToken.toJwt();
+
+    // create JSON response payload
+    HashMap<String, String> json = new HashMap<>();
+    json.put("identity", randomIdentity);
+    json.put("token", token);
+
+    Gson gson = new Gson();
+    System.out.println(gson.toJson(json));
+  }
+}

src/main/java/com/twilio/http/TwilioRestClient.java

@@ -104,7 +104,7 @@ public Response request(final Request request) {
 
         return response;
     }
-    
+
     public static class Builder {
         private String username;
         private String password;

src/main/java/com/twilio/jwt/Jwt.java

@@ -30,13 +30,13 @@ public abstract class Jwt {
      */
     public Jwt(
         SignatureAlgorithm algorithm,
-        String secret,
+        byte[] secret,
         String issuer,
         Date expiration
     ) {
         this(
             algorithm,
-            new SecretKeySpec(secret.getBytes(), algorithm.getJcaName()),
+            new SecretKeySpec(secret, algorithm.getJcaName()),
             issuer,
             expiration
         );

src/main/java/com/twilio/jwt/accesstoken/AccessToken.java

@@ -94,7 +94,7 @@ public Map<String, Object> getClaims() {
     public static class Builder {
         private String accountSid;
         private String keySid;
-        private String secret;
+        private byte[] secret;
         private String identity;
         private String region;
         private Date nbf = null;
@@ -108,7 +108,7 @@ public static class Builder {
          * @param keySid key to use
          * @param secret secret key
          */
-        public Builder(String accountSid, String keySid, String secret) {
+        public Builder(String accountSid, String keySid, byte[] secret) {
             this.accountSid = accountSid;
             this.keySid = keySid;
             this.secret = secret;

src/main/java/com/twilio/jwt/client/ClientCapability.java

@@ -57,7 +57,7 @@ public Map<String, Object> getClaims() {
     /** Builder used to construct a Client Capability. */
     public static class Builder {
         private String accountSid;
-        private String authToken;
+        private byte[] authToken;
         private int ttl = 3600;
         private List<Scope> scopes = new ArrayList<>();
 
@@ -67,7 +67,7 @@ public static class Builder {
          * @param accountSid account to use
          * @param authToken auth token
          */
-        public Builder(String accountSid, String authToken) {
+        public Builder(String accountSid, byte[] authToken) {
             this.accountSid = accountSid;
             this.authToken = authToken;
         }

src/main/java/com/twilio/jwt/taskrouter/TaskRouterCapability.java

@@ -66,7 +66,7 @@ public Map<String, Object> getClaims() {
     public static class Builder {
 
         private String accountSid;
-        private String authToken;
+        private byte[] authToken;
         private String workspaceSid;
         private String channelId;
         private String friendlyName;
@@ -81,7 +81,7 @@ public static class Builder {
          * @param workspaceSid workspace sid to use
          * @param channelId    channel ID to use
          */
-        public Builder(String accountSid, String authToken, String workspaceSid, String channelId) {
+        public Builder(String accountSid, byte[] authToken, String workspaceSid, String channelId) {
             this.accountSid = accountSid;
             this.authToken = authToken;
             this.workspaceSid = workspaceSid;

src/test/java/com/twilio/jwt/accesstoken/AccessTokenTest.java

@@ -1,9 +1,20 @@
 package com.twilio.jwt.accesstoken;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.twilio.jwt.Jwt;
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jws;
 import io.jsonwebtoken.JwsHeader;
+import io.jsonwebtoken.JwtParser;
+import io.jsonwebtoken.JwtParserBuilder;
 import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import java.io.IOException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -18,7 +29,19 @@ public class AccessTokenTest {
 
     private static final String ACCOUNT_SID = "AC123";
     private static final String SIGNING_KEY_SID = "SK123";
-    private static final String SECRET = "secretsecretsecretsecretsecret00";
+    private static byte[] SECRET;
+
+    static {
+      KeyGenerator keyGen = null;
+      try {
+        keyGen = KeyGenerator.getInstance("HmacSHA256");
+        keyGen.init(2048); // Use 2048 bits for stronger security
+        SecretKey pair = keyGen.generateKey();
+        SECRET = pair.getEncoded();
+      } catch (NoSuchAlgorithmException e) {
+        throw new RuntimeException(e);
+      }
+    }
 
     private void validateToken(Claims claims) {
         Assert.assertEquals(SIGNING_KEY_SID, claims.getIssuer());
@@ -32,14 +55,17 @@ private void validateToken(Claims claims) {
         Assert.assertTrue(claims.getExpiration().getTime() > new Date().getTime());
     }
 
-    private Claims getClaimFromJwtToken(Jwt token) {
-        return Jwts.parserBuilder()
-                   .setSigningKey(SECRET.getBytes()).build()
-                   .parseClaimsJws(token.toJwt())
-                   .getBody();
+    private Claims getClaimFromJwtToken(Jwt token) throws IOException {
+        io.jsonwebtoken.Jwt<?, ?> claims = Jwts.parser()
+                                        .verifyWith(Keys.hmacShaKeyFor(SECRET))
+                                        .build()
+                                        .parse(token.toJwt());
+        ObjectMapper objectMapper = new ObjectMapper();
+        Map<String,?> map = (Map<String,?>)objectMapper.readValue((byte[])claims.getPayload(), Map.class);
+        return Jwts.claims().add(map).build();
     }
 
-    private void testVoiceToken(Boolean allow) {
+    private void testVoiceToken(Boolean allow) throws IOException {
         Map<String, Object> params = new HashMap<>();
         params.put("foo", "bar");
 
@@ -70,7 +96,7 @@ private void testVoiceToken(Boolean allow) {
     }
 
     @Test
-    public void testEmptyToken() {
+    public void testEmptyToken() throws IOException {
         Jwt token =
             new AccessToken.Builder(ACCOUNT_SID, SIGNING_KEY_SID, SECRET)
                 .build();
@@ -81,7 +107,7 @@ public void testEmptyToken() {
     }
 
     @Test
-    public void testOptionalValues() {
+    public void testOptionalValues() throws IOException {
         Jwt token =
             new AccessToken.Builder(ACCOUNT_SID, SIGNING_KEY_SID, SECRET)
                 .identity(ACCOUNT_SID)
@@ -100,28 +126,28 @@ public void testRegion() {
           .region("foo")
           .build();
 
-        JwsHeader header = Jwts.parserBuilder()
-            .setSigningKey(SECRET.getBytes()).build()
-            .parseClaimsJws(token.toJwt())
-            .getHeader();
+        io.jsonwebtoken.Jwt<?, ?> jwts = Jwts.parser()
+            .verifyWith(Keys.hmacShaKeyFor(SECRET))
+            .build()
+            .parse(token.toJwt());
 
-        Assert.assertEquals("foo", header.get("twr"));
+        Assert.assertEquals("foo", jwts.getHeader().get("twr"));
     }
 
     @Test
     public void testEmptyRegion() {
         Jwt token = new AccessToken.Builder(ACCOUNT_SID, SIGNING_KEY_SID, SECRET).build();
 
-        JwsHeader header = Jwts.parserBuilder()
-            .setSigningKey(SECRET.getBytes()).build()
-            .parseClaimsJws(token.toJwt())
-            .getHeader();
+        io.jsonwebtoken.Jwt<?, ?> jwts = Jwts.parser()
+            .verifyWith(Keys.hmacShaKeyFor(SECRET))
+            .build()
+            .parse(token.toJwt());
 
-        Assert.assertEquals(null, header.get("twr"));
+        Assert.assertEquals(null, jwts.getHeader().get("twr"));
     }
 
     @Test
-    public void testVideoGrant() {
+    public void testVideoGrant() throws IOException {
         VideoGrant cg = new VideoGrant().setRoom("RM123");
         Jwt token =
             new AccessToken.Builder(ACCOUNT_SID, SIGNING_KEY_SID, SECRET)
@@ -140,7 +166,7 @@ public void testVideoGrant() {
     }
 
     @Test
-    public void testChatGrant() {
+    public void testChatGrant() throws IOException {
         ChatGrant cg = new ChatGrant()
             .setDeploymentRoleSid("RL123")
             .setEndpointId("foobar")
@@ -166,7 +192,7 @@ public void testChatGrant() {
     }
 
     @Test
-    public void testSyncGrant() {
+    public void testSyncGrant() throws IOException {
         SyncGrant sg = new SyncGrant()
                 .setEndpointId("foobar")
                 .setServiceSid("IS123");
@@ -188,7 +214,7 @@ public void testSyncGrant() {
     }
 
     @Test
-    public void testPlaybackGrant() {
+    public void testPlaybackGrant() throws IOException {
         Map<String, Object> grantPayload = new HashMap<>();
         grantPayload.put("requestCredentials", null);
         grantPayload.put("playbackUrl", "https://000.us-east-1.playback.live-video.net/api/video/v1/us-east-000.channel.000?token=xxxxx");
@@ -214,7 +240,7 @@ public void testPlaybackGrant() {
     }
 
     @Test
-    public void testTaskRouterGrant() {
+    public void testTaskRouterGrant() throws IOException {
         TaskRouterGrant trg = new TaskRouterGrant()
                 .setWorkspaceSid("WS123")
                 .setWorkerSid("WK123")
@@ -239,13 +265,13 @@ public void testTaskRouterGrant() {
     }
 
     @Test
-    public void testVoiceTokenWithIncoming() {
+    public void testVoiceTokenWithIncoming() throws IOException {
       testVoiceToken(true);
       testVoiceToken(false);
     }
 
     @Test
-    public void testVoiceTokenWithoutIncoming() {
+    public void testVoiceTokenWithoutIncoming() throws IOException {
         Map<String, Object> params = new HashMap<>();
         params.put("foo", "bar");
 
@@ -274,7 +300,7 @@ public void testVoiceTokenWithoutIncoming() {
     }
 
     @Test()
-    public void testNullValues() {
+    public void testNullValues() throws IOException {
         ChatGrant cg = new ChatGrant().setDeploymentRoleSid("RL123");
         Jwt token =
             new AccessToken.Builder(ACCOUNT_SID, SIGNING_KEY_SID, SECRET)