From 42141e51a1c7f7c5930ec84934628e0c8fe8f5d5 Mon Sep 17 00:00:00 2001 From: Jon Chambers Date: Tue, 1 Aug 2023 15:38:44 -0400 Subject: [PATCH] Use ACIs instead of E164s for TURN URI overrides --- .../textsecuregcm/auth/TurnTokenGenerator.java | 9 +++++---- .../configuration/TurnUriConfiguration.java | 8 +++++--- .../controllers/AccountController.java | 2 +- .../textsecuregcm/auth/TurnTokenGeneratorTest.java | 13 +++++++------ .../dynamic/DynamicConfigurationTest.java | 7 ++++--- 5 files changed, 22 insertions(+), 17 deletions(-) diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/auth/TurnTokenGenerator.java b/service/src/main/java/org/whispersystems/textsecuregcm/auth/TurnTokenGenerator.java index 780a26f1..6f2b378d 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/TurnTokenGenerator.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/TurnTokenGenerator.java @@ -23,6 +23,7 @@ import java.time.Instant; import java.util.Base64; import java.util.List; import java.util.Optional; +import java.util.UUID; public class TurnTokenGenerator { @@ -39,9 +40,9 @@ public class TurnTokenGenerator { this.turnSecret = turnSecret; } - public TurnToken generate(final String e164) { + public TurnToken generate(final UUID aci) { try { - final List urls = urls(e164); + final List urls = urls(aci); final Mac mac = Mac.getInstance(ALGORITHM); final long validUntilSeconds = Instant.now().plus(Duration.ofDays(1)).getEpochSecond(); final long user = Util.ensureNonNegativeInt(new SecureRandom().nextInt()); @@ -56,12 +57,12 @@ public class TurnTokenGenerator { } } - private List urls(final String e164) { + private List urls(final UUID aci) { final DynamicTurnConfiguration turnConfig = dynamicConfigurationManager.getConfiguration().getTurnConfiguration(); // Check if number is enrolled to test out specific turn servers final Optional enrolled = turnConfig.getUriConfigs().stream() - .filter(config -> config.getEnrolledNumbers().contains(e164)) + .filter(config -> config.getEnrolledAcis().contains(aci)) .findFirst(); if (enrolled.isPresent()) { diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/TurnUriConfiguration.java b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/TurnUriConfiguration.java index 6bce765a..913d4979 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/TurnUriConfiguration.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/TurnUriConfiguration.java @@ -6,6 +6,7 @@ import javax.validation.constraints.NotNull; import java.util.Collections; import java.util.List; import java.util.Set; +import java.util.UUID; public class TurnUriConfiguration { @JsonProperty @@ -22,7 +23,8 @@ public class TurnUriConfiguration { /** * Enrolled numbers will always get this uri list */ - private Set enrolledNumbers = Collections.emptySet(); + @JsonProperty + private Set enrolledAcis = Collections.emptySet(); public List getUris() { return uris; @@ -32,7 +34,7 @@ public class TurnUriConfiguration { return weight; } - public Set getEnrolledNumbers() { - return Collections.unmodifiableSet(enrolledNumbers); + public Set getEnrolledAcis() { + return Collections.unmodifiableSet(enrolledAcis); } } diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java index 7daa6e56..1ffc037d 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java @@ -97,7 +97,7 @@ public class AccountController { @Produces(MediaType.APPLICATION_JSON) public TurnToken getTurnToken(@Auth AuthenticatedAccount auth) throws RateLimitExceededException { rateLimiters.getTurnLimiter().validate(auth.getAccount().getUuid()); - return turnTokenGenerator.generate(auth.getAccount().getNumber()); + return turnTokenGenerator.generate(auth.getAccount().getUuid()); } @Timed diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/auth/TurnTokenGeneratorTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/auth/TurnTokenGeneratorTest.java index bce5e763..5f9a90dc 100644 --- a/service/src/test/java/org/whispersystems/textsecuregcm/auth/TurnTokenGeneratorTest.java +++ b/service/src/test/java/org/whispersystems/textsecuregcm/auth/TurnTokenGeneratorTest.java @@ -7,6 +7,7 @@ import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager; import java.nio.charset.StandardCharsets; import java.util.Map; +import java.util.UUID; import java.util.stream.Collectors; import java.util.stream.Stream; @@ -46,7 +47,7 @@ public class TurnTokenGeneratorTest { final long COUNT = 1000; final Map urlCounts = Stream - .generate(() -> turnTokenGenerator.generate("")) + .generate(() -> turnTokenGenerator.generate(UUID.randomUUID())) .limit(COUNT) .flatMap(token -> token.getUrls().stream()) .collect(Collectors.groupingBy(i -> i, Collectors.counting())); @@ -87,7 +88,7 @@ public class TurnTokenGeneratorTest { final long COUNT = 1000; final Map urlCounts = Stream - .generate(() -> turnTokenGenerator.generate("")) + .generate(() -> turnTokenGenerator.generate(UUID.randomUUID())) .limit(COUNT) .flatMap(token -> token.getUrls().stream()) .collect(Collectors.groupingBy(i -> i, Collectors.counting())); @@ -108,8 +109,8 @@ public class TurnTokenGeneratorTest { - uris: - enrolled.org weight: 0 - enrolledNumbers: - - +15555555555 + enrolledAcis: + - 732506d7-d04f-43a4-b1d7-8a3a91ebe8a6 - uris: - unenrolled.org weight: 1 @@ -127,9 +128,9 @@ public class TurnTokenGeneratorTest { final TurnTokenGenerator turnTokenGenerator = new TurnTokenGenerator(mockDynamicConfigManager, "bloop".getBytes(StandardCharsets.UTF_8)); - TurnToken token = turnTokenGenerator.generate("+15555555555"); + TurnToken token = turnTokenGenerator.generate(UUID.fromString("732506d7-d04f-43a4-b1d7-8a3a91ebe8a6")); assertThat(token.getUrls().get(0)).isEqualTo("enrolled.org"); - token = turnTokenGenerator.generate("+15555555556"); + token = turnTokenGenerator.generate(UUID.randomUUID()); assertThat(token.getUrls().get(0)).isEqualTo("unenrolled.org"); } diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfigurationTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfigurationTest.java index 23f8102b..c43b16d3 100644 --- a/service/src/test/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfigurationTest.java +++ b/service/src/test/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfigurationTest.java @@ -336,8 +336,8 @@ class DynamicConfigurationTest { - uris: - turn:test2.org weight: 2 - enrolledNumbers: - - +15555555555 + enrolledAcis: + - 732506d7-d04f-43a4-b1d7-8a3a91ebe8a6 """); DynamicTurnConfiguration turnConfiguration = DynamicConfigurationManager .parseConfiguration(config, DynamicConfiguration.class) @@ -347,7 +347,8 @@ class DynamicConfigurationTest { assertThat(turnConfiguration.getUriConfigs().get(1).getUris()).hasSize(1); assertThat(turnConfiguration.getUriConfigs().get(0).getWeight()).isEqualTo(1); assertThat(turnConfiguration.getUriConfigs().get(1).getWeight()).isEqualTo(2); - assertThat(turnConfiguration.getUriConfigs().get(1).getEnrolledNumbers()).containsExactly("+15555555555"); + assertThat(turnConfiguration.getUriConfigs().get(1).getEnrolledAcis()) + .containsExactly(UUID.fromString("732506d7-d04f-43a4-b1d7-8a3a91ebe8a6")); } }