client update of TURNs and STUNs (#106)

* feature: update STUNs and TURNs in engine

* fix: setup TURN credentials request only when refresh enabled

* feature: update TURNs and STUNs in the client app on Management update

* chore: disable peer reflexive candidates in ICE

* chore: relocate management.json

* chore: make TURN secret and pwd plain text in config
This commit is contained in:
Mikhail Bragin
2021-09-03 17:47:40 +02:00
committed by GitHub
parent 81c5aa1341
commit a4db0b4e94
10 changed files with 129 additions and 87 deletions


@@ -38,7 +38,7 @@ func init() {
stopCh = make(chan int)
defaultConfigPath = "/etc/wiretrustee/config.json"
defaultConfigPath = "/etc/wiretrustee/management.json"
if runtime.GOOS == "windows" {
defaultConfigPath = os.Getenv("PROGRAMDATA") + "\\Wiretrustee\\" + "config.json"
}
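Review bot: The Windows branch on the line after the new default still assigns `config.json`, so after this rename the two platforms look for differently named files; unless that is intended it should read `defaultConfigPath = filepath.Join(os.Getenv("PROGRAMDATA"), "Wiretrustee", "management.json")` (with `path/filepath` imported), which also replaces the hand-built separator concatenation with the OS-correct join. The `init` body continues outside the hunk, so I cannot see whether the Windows path is reassigned further down.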


@@ -29,7 +29,7 @@ type Config struct {
type TURNConfig struct {
TimeBasedCredentials bool
CredentialsTTL util.Duration
Secret []byte
Secret string
Turns []*Host
}
@@ -51,5 +51,5 @@ type Host struct {
// URI e.g. turns://stun.wiretrustee.com:4430 or signal.wiretrustee.com:10000
URI string
Username string
Password []byte
Password string
}
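Review bot: `Secret` and `Password` now carry the TURN shared secret and static password as plain strings but have no doc comment saying so, and a reader of the struct can no longer tell whether the values are raw or encoded, which the previous `[]byte` type at least hinted at. I would add `// Secret is the pre-shared TURN secret used to derive time-based credentials; it is stored unencoded in the config file.` above `Secret` and `// Password is the static TURN password; stored unencoded in the config file.` above `Password`, so operators know the file holds live credentials and needs restrictive permissions. Judging from the test fixture, `Username`/`Password` are only meaningful for TURN hosts; if that is right, the `Host` comment on the first hunk line is the place to say it.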


@@ -92,7 +92,9 @@ func (s *Server) Sync(req *proto.EncryptedMessage, srv proto.ManagementService_S
log.Warnf("failed marking peer as connected %s %v", peerKey, err)
}
s.turnCredentialsManager.SetupRefresh(peerKey.String())
if s.config.TURNConfig.TimeBasedCredentials {
s.turnCredentialsManager.SetupRefresh(peerKey.String())
}
// keep a connection to the peer and send updates when available
for {
select {
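Review bot: The new guard `if s.config.TURNConfig.TimeBasedCredentials` has no comment explaining why refresh is tied to that flag, and nothing in the hunk shows how a peer receives TURN credentials when the flag is off, so the next reader has to search for the static path. I would add `// time-based TURN credentials expire, so schedule periodic re-issue for this peer; static credentials need no refresh` above the `if`. `Sync` starts and continues outside the hunk, so I cannot see whether the matching `CancelRefresh` on disconnect is gated the same way, which would keep the two sides consistent.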


@@ -13,7 +13,7 @@
"Proto": "udp",
"URI": "turn:stun.wiretrustee.com:3468",
"Username": "some_user",
"Password": "c29tZV9wYXNzd29yZA=="
"Password": "some_password"
}
],
"CredentialsTTL": "1h",


@@ -42,7 +42,7 @@ func NewTimeBasedAuthSecretsManager(updateManager *PeersUpdateManager, config *T
//GenerateCredentials generates new time-based secret credentials - basically username is a unix timestamp and password is a HMAC hash of a timestamp with a preshared TURN secret
func (m *TimeBasedAuthSecretsManager) GenerateCredentials() TURNCredentials {
mac := hmac.New(sha1.New, m.config.Secret)
mac := hmac.New(sha1.New, []byte(m.config.Secret))
timeAuth := time.Now().Add(m.config.CredentialsTTL.Duration).Unix()
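Review bot: `hmac.New(sha1.New, []byte(m.config.Secret))` is keyed with whatever `Secret` the config holds, and nothing in this hunk or in the constructor named in the hunk header rejects an empty string, so a zero-value `TURNConfig` silently yields credentials derived from an empty key. Because `GenerateCredentials` returns no error, the check belongs in `NewTimeBasedAuthSecretsManager` (its body is outside the hunk; the test calls it with a single return value, so it may have to log or panic rather than return an error) — something like `if config.Secret == "" { log.Fatalf("TURN secret must not be empty") }` in whatever form the constructor allows. HMAC-SHA1 is what the TURN REST credential scheme expects, so the algorithm is fine, but the doc comment on the line above the function calls it only "a HMAC hash"; naming the scheme there would stop a future reviewer from "upgrading" it to SHA-256 and breaking interoperability.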


@@ -13,12 +13,12 @@ var TurnTestHost = &Host{
Proto: UDP,
URI: "turn:turn.wiretrustee.com:77777",
Username: "username",
Password: nil,
Password: "",
}
func TestTimeBasedAuthSecretsManager_GenerateCredentials(t *testing.T) {
ttl := util.Duration{Duration: time.Hour}
secret := []byte("some_secret")
secret := "some_secret"
peersManager := NewPeersUpdateManager()
tested := NewTimeBasedAuthSecretsManager(peersManager, &TURNConfig{
@@ -36,13 +36,13 @@ func TestTimeBasedAuthSecretsManager_GenerateCredentials(t *testing.T) {
t.Errorf("expected generated TURN password not to be empty, got empty")
}
validateMAC(credentials.Username, credentials.Password, secret, t)
validateMAC(credentials.Username, credentials.Password, []byte(secret), t)
}
func TestTimeBasedAuthSecretsManager_SetupRefresh(t *testing.T) {
ttl := util.Duration{Duration: 2 * time.Second}
secret := []byte("some_secret")
secret := "some_secret"
peersManager := NewPeersUpdateManager()
peer := "some_peer"
updateChannel := peersManager.CreateChannel(peer)
@@ -91,7 +91,7 @@ loop:
func TestTimeBasedAuthSecretsManager_CancelRefresh(t *testing.T) {
ttl := util.Duration{Duration: time.Hour}
secret := []byte("some_secret")
secret := "some_secret"
peersManager := NewPeersUpdateManager()
peer := "some_peer"