From 875321cecc7fd160024bd83bff2c5173d48c361e Mon Sep 17 00:00:00 2001 From: Michael Kirk Date: Wed, 28 Mar 2018 11:31:01 -0400 Subject: [PATCH] Reflector configuration supports per-country code Also update reflector hosts/policy // FREEBIE --- Pods | 2 +- Signal.xcodeproj/project.pbxproj | 6 - .../AdvancedSettingsTableViewController.m | 1 - .../DomainFrontingCountryViewController.m | 1 - .../src/ViewControllers/DebugUI/DebugUIMisc.m | 2 - .../src/ViewControllers/OWSCountryMetadata.m | 844 ------------------ .../Certificates/DigiCertGlobalRootG2.crt | Bin 0 -> 914 bytes .../DigiCertSHA2HighAssuranceServerCA.crt | Bin 0 -> 1205 bytes .../Resources/Certificates/SFSRootCAG2.crt | Bin 0 -> 1011 bytes .../src/Network/OWSCensorshipConfiguration.h | 23 +- .../src/Network/OWSCensorshipConfiguration.m | 236 ++++- .../src/Network}/OWSCountryMetadata.h | 4 +- .../src/Network/OWSCountryMetadata.m | 378 ++++++++ .../src/Network/OWSSignalService.h | 18 +- .../src/Network/OWSSignalService.m | 157 +--- SignalServiceKit/src/TSConstants.h | 5 +- 16 files changed, 645 insertions(+), 1032 deletions(-) delete mode 100644 Signal/src/ViewControllers/OWSCountryMetadata.m create mode 100644 SignalServiceKit/Resources/Certificates/DigiCertGlobalRootG2.crt create mode 100644 SignalServiceKit/Resources/Certificates/DigiCertSHA2HighAssuranceServerCA.crt create mode 100644 SignalServiceKit/Resources/Certificates/SFSRootCAG2.crt rename {Signal/src/ViewControllers => SignalServiceKit/src/Network}/OWSCountryMetadata.h (77%) create mode 100644 SignalServiceKit/src/Network/OWSCountryMetadata.m diff --git a/Pods b/Pods index 5564eb7e1..1d47ca77e 160000 --- a/Pods +++ b/Pods @@ -1 +1 @@ -Subproject commit 5564eb7e1870233872738ab652793883d1dc1c3d +Subproject commit 1d47ca77ea929a2fd76b2b3410487b61f18f5b54 diff --git a/Signal.xcodeproj/project.pbxproj b/Signal.xcodeproj/project.pbxproj index 780a47d72..581cb5d01 100644 --- a/Signal.xcodeproj/project.pbxproj +++ b/Signal.xcodeproj/project.pbxproj @@ -154,7 +154,6 @@ 3478506C1FD9B78A007B8332 /* NoopNotificationsManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 347850681FD9B78A007B8332 /* NoopNotificationsManager.swift */; }; 347850711FDAEB17007B8332 /* OWSUserProfile.m in Sources */ = {isa = PBXBuildFile; fileRef = 3478506F1FDAEB16007B8332 /* OWSUserProfile.m */; }; 347850721FDAEB17007B8332 /* OWSUserProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = 347850701FDAEB16007B8332 /* OWSUserProfile.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 3497DBEC1ECE257500DB2605 /* OWSCountryMetadata.m in Sources */ = {isa = PBXBuildFile; fileRef = 3497DBEB1ECE257500DB2605 /* OWSCountryMetadata.m */; }; 34A55F3720485465002CC6DE /* OWS2FARegistrationViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 34A55F3520485464002CC6DE /* OWS2FARegistrationViewController.m */; }; 34A910601FFEB114000C4745 /* OWSBackup.m in Sources */ = {isa = PBXBuildFile; fileRef = 34A9105F1FFEB114000C4745 /* OWSBackup.m */; }; 34B0796D1FCF46B100E248C2 /* MainAppContext.m in Sources */ = {isa = PBXBuildFile; fileRef = 34B0796B1FCF46B000E248C2 /* MainAppContext.m */; }; @@ -720,8 +719,6 @@ 347850701FDAEB16007B8332 /* OWSUserProfile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OWSUserProfile.h; sourceTree = ""; }; 348F2EAD1F0D21BC00D4ECE0 /* DeviceSleepManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DeviceSleepManager.swift; sourceTree = ""; }; 3495BC911F1426B800B478F5 /* ar */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ar; path = translations/ar.lproj/Localizable.strings; sourceTree = ""; }; - 3497DBEA1ECE257500DB2605 /* OWSCountryMetadata.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OWSCountryMetadata.h; sourceTree = ""; }; - 3497DBEB1ECE257500DB2605 /* OWSCountryMetadata.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OWSCountryMetadata.m; sourceTree = ""; }; 34A55F3520485464002CC6DE /* OWS2FARegistrationViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OWS2FARegistrationViewController.m; sourceTree = ""; }; 34A55F3620485464002CC6DE /* OWS2FARegistrationViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OWS2FARegistrationViewController.h; sourceTree = ""; }; 34A9105E1FFEB113000C4745 /* OWSBackup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OWSBackup.h; sourceTree = ""; }; @@ -1575,8 +1572,6 @@ 34A55F3520485464002CC6DE /* OWS2FARegistrationViewController.m */, 345BC30A2047030600257B7C /* OWS2FASettingsViewController.h */, 345BC30B2047030600257B7C /* OWS2FASettingsViewController.m */, - 3497DBEA1ECE257500DB2605 /* OWSCountryMetadata.h */, - 3497DBEB1ECE257500DB2605 /* OWSCountryMetadata.m */, 34C42D591F45F7A80072EC04 /* OWSNavigationController.h */, 34C42D5A1F45F7A80072EC04 /* OWSNavigationController.m */, 34CE88E51F2FB9A10098030F /* ProfileViewController.h */, @@ -3195,7 +3190,6 @@ 340FC8AB204DAC8D007AEB0F /* DomainFrontingCountryViewController.m in Sources */, 34B3F8751E8DF1700035BE1A /* CallViewController.swift in Sources */, 34D8C0281ED3673300188D7C /* DebugUITableViewController.m in Sources */, - 3497DBEC1ECE257500DB2605 /* OWSCountryMetadata.m in Sources */, 45F32C222057297A00A300D5 /* MediaDetailViewController.m in Sources */, 34B3F8851E8DF1700035BE1A /* NewGroupViewController.m in Sources */, 34D8C0271ED3673300188D7C /* DebugUIMessages.m in Sources */, diff --git a/Signal/src/ViewControllers/AppSettings/AdvancedSettingsTableViewController.m b/Signal/src/ViewControllers/AppSettings/AdvancedSettingsTableViewController.m index 76ddba6a9..1b6ad314b 100644 --- a/Signal/src/ViewControllers/AppSettings/AdvancedSettingsTableViewController.m +++ b/Signal/src/ViewControllers/AppSettings/AdvancedSettingsTableViewController.m @@ -230,7 +230,6 @@ NS_ASSUME_NONNULL_BEGIN if (countryMetadata) { // Ensure the "manual censorship circumvention" country state is in sync. OWSSignalService.sharedInstance.manualCensorshipCircumventionCountryCode = countryCode; - OWSSignalService.sharedInstance.manualCensorshipCircumventionDomain = countryMetadata.googleDomain; } return countryMetadata; diff --git a/Signal/src/ViewControllers/AppSettings/DomainFrontingCountryViewController.m b/Signal/src/ViewControllers/AppSettings/DomainFrontingCountryViewController.m index b2f22a7a5..a5f2ccf8b 100644 --- a/Signal/src/ViewControllers/AppSettings/DomainFrontingCountryViewController.m +++ b/Signal/src/ViewControllers/AppSettings/DomainFrontingCountryViewController.m @@ -87,7 +87,6 @@ NS_ASSUME_NONNULL_BEGIN OWSAssert(countryMetadata); OWSSignalService.sharedInstance.manualCensorshipCircumventionCountryCode = countryMetadata.countryCode; - OWSSignalService.sharedInstance.manualCensorshipCircumventionDomain = countryMetadata.googleDomain; [self.navigationController popViewControllerAnimated:YES]; } diff --git a/Signal/src/ViewControllers/DebugUI/DebugUIMisc.m b/Signal/src/ViewControllers/DebugUI/DebugUIMisc.m index 2ddc7951f..e715add2d 100644 --- a/Signal/src/ViewControllers/DebugUI/DebugUIMisc.m +++ b/Signal/src/ViewControllers/DebugUI/DebugUIMisc.m @@ -159,8 +159,6 @@ NS_ASSUME_NONNULL_BEGIN OWSAssert(countryMetadata); OWSSignalService.sharedInstance.manualCensorshipCircumventionCountryCode = countryCode; - OWSSignalService.sharedInstance.manualCensorshipCircumventionDomain = countryMetadata.googleDomain; - OWSSignalService.sharedInstance.isCensorshipCircumventionManuallyActivated = isEnabled; } diff --git a/Signal/src/ViewControllers/OWSCountryMetadata.m b/Signal/src/ViewControllers/OWSCountryMetadata.m deleted file mode 100644 index 542100141..000000000 --- a/Signal/src/ViewControllers/OWSCountryMetadata.m +++ /dev/null @@ -1,844 +0,0 @@ -// -// Copyright (c) 2017 Open Whisper Systems. All rights reserved. -// - -#import "OWSCountryMetadata.h" - -NS_ASSUME_NONNULL_BEGIN - -@implementation OWSCountryMetadata - -+ (OWSCountryMetadata *)countryMetadataWithName:(NSString *)name - tld:(NSString *)tld - googleDomain:(NSString *)googleDomain - countryCode:(NSString *)countryCode -{ - OWSAssert(name.length > 0); - OWSAssert(tld.length > 0); - OWSAssert(googleDomain.length > 0); - OWSAssert(countryCode.length > 0); - - OWSCountryMetadata *instance = [OWSCountryMetadata new]; - instance.name = name; - instance.tld = tld; - instance.googleDomain = googleDomain; - instance.countryCode = countryCode; - - NSString *localizedCountryName = [[NSLocale currentLocale] displayNameForKey:NSLocaleCountryCode value:countryCode]; - if (localizedCountryName.length < 1) { - localizedCountryName = name; - } - instance.localizedCountryName = localizedCountryName; - - return instance; -} - -+ (OWSCountryMetadata *)countryMetadataForCountryCode:(NSString *)countryCode -{ - OWSAssert(countryCode.length > 0); - - return [self countryCodeToCountryMetadataMap][countryCode]; -} - -+ (NSDictionary *)countryCodeToCountryMetadataMap -{ - static NSDictionary *cachedValue = nil; - static dispatch_once_t onceToken; - dispatch_once(&onceToken, ^{ - NSMutableDictionary *map = [NSMutableDictionary new]; - for (OWSCountryMetadata *metadata in [self allCountryMetadatas]) { - map[metadata.countryCode] = metadata; - } - cachedValue = map; - }); - return cachedValue; -} - -+ (NSArray *)allCountryMetadatas -{ - static NSArray *cachedValue = nil; - static dispatch_once_t onceToken; - dispatch_once(&onceToken, ^{ - // This list is derived from: - // - // * https://en.wikipedia.org/wiki/List_of_Google_domains - // * https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 - cachedValue = @[ - [OWSCountryMetadata countryMetadataWithName:@"Andorra" - tld:@".ad" - googleDomain:@"google.ad" - countryCode:@"AD"], - [OWSCountryMetadata countryMetadataWithName:@"United Arab Emirates" - tld:@".ae" - googleDomain:@"google.ae" - countryCode:@"AE"], - [OWSCountryMetadata countryMetadataWithName:@"Afghanistan" - tld:@".af" - googleDomain:@"google.com.af" - countryCode:@"AF"], - [OWSCountryMetadata countryMetadataWithName:@"Antigua and Barbuda" - tld:@".ag" - googleDomain:@"google.com.ag" - countryCode:@"AG"], - [OWSCountryMetadata countryMetadataWithName:@"Anguilla" - tld:@".ai" - googleDomain:@"google.com.ai" - countryCode:@"AI"], - [OWSCountryMetadata countryMetadataWithName:@"Albania" - tld:@".al" - googleDomain:@"google.al" - countryCode:@"AL"], - [OWSCountryMetadata countryMetadataWithName:@"Armenia" - tld:@".am" - googleDomain:@"google.am" - countryCode:@"AM"], - [OWSCountryMetadata countryMetadataWithName:@"Angola" - tld:@".ao" - googleDomain:@"google.co.ao" - countryCode:@"AO"], - [OWSCountryMetadata countryMetadataWithName:@"Argentina" - tld:@".ar" - googleDomain:@"google.com.ar" - countryCode:@"AR"], - [OWSCountryMetadata countryMetadataWithName:@"American Samoa" - tld:@".as" - googleDomain:@"google.as" - countryCode:@"AS"], - [OWSCountryMetadata countryMetadataWithName:@"Austria" - tld:@".at" - googleDomain:@"google.at" - countryCode:@"AT"], - [OWSCountryMetadata countryMetadataWithName:@"Australia" - tld:@".au" - googleDomain:@"google.com.au" - countryCode:@"AU"], - [OWSCountryMetadata countryMetadataWithName:@"Azerbaijan" - tld:@".az" - googleDomain:@"google.az" - countryCode:@"AZ"], - [OWSCountryMetadata countryMetadataWithName:@"Bosnia and Herzegovina" - tld:@".ba" - googleDomain:@"google.ba" - countryCode:@"BA"], - [OWSCountryMetadata countryMetadataWithName:@"Bangladesh" - tld:@".bd" - googleDomain:@"google.com.bd" - countryCode:@"BD"], - [OWSCountryMetadata countryMetadataWithName:@"Belgium" - tld:@".be" - googleDomain:@"google.be" - countryCode:@"BE"], - [OWSCountryMetadata countryMetadataWithName:@"Burkina Faso" - tld:@".bf" - googleDomain:@"google.bf" - countryCode:@"BF"], - [OWSCountryMetadata countryMetadataWithName:@"Bulgaria" - tld:@".bg" - googleDomain:@"google.bg" - countryCode:@"BG"], - [OWSCountryMetadata countryMetadataWithName:@"Bahrain" - tld:@".bh" - googleDomain:@"google.com.bh" - countryCode:@"BH"], - [OWSCountryMetadata countryMetadataWithName:@"Burundi" - tld:@".bi" - googleDomain:@"google.bi" - countryCode:@"BI"], - [OWSCountryMetadata countryMetadataWithName:@"Benin" - tld:@".bj" - googleDomain:@"google.bj" - countryCode:@"BJ"], - [OWSCountryMetadata countryMetadataWithName:@"Brunei" - tld:@".bn" - googleDomain:@"google.com.bn" - countryCode:@"BN"], - [OWSCountryMetadata countryMetadataWithName:@"Bolivia" - tld:@".bo" - googleDomain:@"google.com.bo" - countryCode:@"BO"], - [OWSCountryMetadata countryMetadataWithName:@"Brazil" - tld:@".br" - googleDomain:@"google.com.br" - countryCode:@"BR"], - [OWSCountryMetadata countryMetadataWithName:@"Bahamas" - tld:@".bs" - googleDomain:@"google.bs" - countryCode:@"BS"], - [OWSCountryMetadata countryMetadataWithName:@"Bhutan" - tld:@".bt" - googleDomain:@"google.bt" - countryCode:@"BT"], - [OWSCountryMetadata countryMetadataWithName:@"Botswana" - tld:@".bw" - googleDomain:@"google.co.bw" - countryCode:@"BW"], - [OWSCountryMetadata countryMetadataWithName:@"Belarus" - tld:@".by" - googleDomain:@"google.by" - countryCode:@"BY"], - [OWSCountryMetadata countryMetadataWithName:@"Belize" - tld:@".bz" - googleDomain:@"google.com.bz" - countryCode:@"BZ"], - [OWSCountryMetadata countryMetadataWithName:@"Canada" - tld:@".ca" - googleDomain:@"google.ca" - countryCode:@"CA"], - [OWSCountryMetadata countryMetadataWithName:@"Cambodia" - tld:@".kh" - googleDomain:@"google.com.kh" - countryCode:@"KH"], - [OWSCountryMetadata countryMetadataWithName:@"Cocos (Keeling) Islands" - tld:@".cc" - googleDomain:@"google.cc" - countryCode:@"CC"], - [OWSCountryMetadata countryMetadataWithName:@"Democratic Republic of the Congo" - tld:@".cd" - googleDomain:@"google.cd" - countryCode:@"CD"], - [OWSCountryMetadata countryMetadataWithName:@"Central African Republic" - tld:@".cf" - googleDomain:@"google.cf" - countryCode:@"CF"], - [OWSCountryMetadata countryMetadataWithName:@"Republic of the Congo" - tld:@".cg" - googleDomain:@"google.cg" - countryCode:@"CG"], - [OWSCountryMetadata countryMetadataWithName:@"Switzerland" - tld:@".ch" - googleDomain:@"google.ch" - countryCode:@"CH"], - [OWSCountryMetadata countryMetadataWithName:@"Ivory Coast" - tld:@".ci" - googleDomain:@"google.ci" - countryCode:@"CI"], - [OWSCountryMetadata countryMetadataWithName:@"Cook Islands" - tld:@".ck" - googleDomain:@"google.co.ck" - countryCode:@"CK"], - [OWSCountryMetadata countryMetadataWithName:@"Chile" - tld:@".cl" - googleDomain:@"google.cl" - countryCode:@"CL"], - [OWSCountryMetadata countryMetadataWithName:@"Cameroon" - tld:@".cm" - googleDomain:@"google.cm" - countryCode:@"CM"], - [OWSCountryMetadata countryMetadataWithName:@"China" - tld:@".cn" - googleDomain:@"google.cn" - countryCode:@"CN"], - [OWSCountryMetadata countryMetadataWithName:@"Colombia" - tld:@".co" - googleDomain:@"google.co" - countryCode:@"CO"], - [OWSCountryMetadata countryMetadataWithName:@"Costa Rica" - tld:@".cr" - googleDomain:@"google.co.cr" - countryCode:@"CR"], - [OWSCountryMetadata countryMetadataWithName:@"Cuba" - tld:@".cu" - googleDomain:@"google.com.cu" - countryCode:@"CU"], - [OWSCountryMetadata countryMetadataWithName:@"Cape Verde" - tld:@".cv" - googleDomain:@"google.cv" - countryCode:@"CV"], - [OWSCountryMetadata countryMetadataWithName:@"Christmas Island" - tld:@".cx" - googleDomain:@"google.cx" - countryCode:@"CX"], - [OWSCountryMetadata countryMetadataWithName:@"Cyprus" - tld:@".cy" - googleDomain:@"google.com.cy" - countryCode:@"CY"], - [OWSCountryMetadata countryMetadataWithName:@"Czech Republic" - tld:@".cz" - googleDomain:@"google.cz" - countryCode:@"CZ"], - [OWSCountryMetadata countryMetadataWithName:@"Germany" - tld:@".de" - googleDomain:@"google.de" - countryCode:@"DE"], - [OWSCountryMetadata countryMetadataWithName:@"Djibouti" - tld:@".dj" - googleDomain:@"google.dj" - countryCode:@"DJ"], - [OWSCountryMetadata countryMetadataWithName:@"Denmark" - tld:@".dk" - googleDomain:@"google.dk" - countryCode:@"DK"], - [OWSCountryMetadata countryMetadataWithName:@"Dominica" - tld:@".dm" - googleDomain:@"google.dm" - countryCode:@"DM"], - [OWSCountryMetadata countryMetadataWithName:@"Dominican Republic" - tld:@".do" - googleDomain:@"google.com.do" - countryCode:@"DO"], - [OWSCountryMetadata countryMetadataWithName:@"Algeria" - tld:@".dz" - googleDomain:@"google.dz" - countryCode:@"DZ"], - [OWSCountryMetadata countryMetadataWithName:@"Ecuador" - tld:@".ec" - googleDomain:@"google.com.ec" - countryCode:@"EC"], - [OWSCountryMetadata countryMetadataWithName:@"Estonia" - tld:@".ee" - googleDomain:@"google.ee" - countryCode:@"EE"], - [OWSCountryMetadata countryMetadataWithName:@"Egypt" - tld:@".eg" - googleDomain:@"google.com.eg" - countryCode:@"EG"], - [OWSCountryMetadata countryMetadataWithName:@"Spain" - tld:@".es" - googleDomain:@"google.es" - countryCode:@"ES"], - [OWSCountryMetadata countryMetadataWithName:@"Ethiopia" - tld:@".et" - googleDomain:@"google.com.et" - countryCode:@"ET"], - [OWSCountryMetadata countryMetadataWithName:@"Finland" - tld:@".fi" - googleDomain:@"google.fi" - countryCode:@"FI"], - [OWSCountryMetadata countryMetadataWithName:@"Fiji" - tld:@".fj" - googleDomain:@"google.com.fj" - countryCode:@"FJ"], - [OWSCountryMetadata countryMetadataWithName:@"Federated States of Micronesia" - tld:@".fm" - googleDomain:@"google.fm" - countryCode:@"FM"], - [OWSCountryMetadata countryMetadataWithName:@"France" - tld:@".fr" - googleDomain:@"google.fr" - countryCode:@"FR"], - [OWSCountryMetadata countryMetadataWithName:@"Gabon" - tld:@".ga" - googleDomain:@"google.ga" - countryCode:@"GA"], - [OWSCountryMetadata countryMetadataWithName:@"Georgia" - tld:@".ge" - googleDomain:@"google.ge" - countryCode:@"GE"], - [OWSCountryMetadata countryMetadataWithName:@"French Guiana" - tld:@".gf" - googleDomain:@"google.gf" - countryCode:@"GF"], - [OWSCountryMetadata countryMetadataWithName:@"Guernsey" - tld:@".gg" - googleDomain:@"google.gg" - countryCode:@"GG"], - [OWSCountryMetadata countryMetadataWithName:@"Ghana" - tld:@".gh" - googleDomain:@"google.com.gh" - countryCode:@"GH"], - [OWSCountryMetadata countryMetadataWithName:@"Gibraltar" - tld:@".gi" - googleDomain:@"google.com.gi" - countryCode:@"GI"], - [OWSCountryMetadata countryMetadataWithName:@"Greenland" - tld:@".gl" - googleDomain:@"google.gl" - countryCode:@"GL"], - [OWSCountryMetadata countryMetadataWithName:@"Gambia" - tld:@".gm" - googleDomain:@"google.gm" - countryCode:@"GM"], - [OWSCountryMetadata countryMetadataWithName:@"Guadeloupe" - tld:@".gp" - googleDomain:@"google.gp" - countryCode:@"GP"], - [OWSCountryMetadata countryMetadataWithName:@"Greece" - tld:@".gr" - googleDomain:@"google.gr" - countryCode:@"GR"], - [OWSCountryMetadata countryMetadataWithName:@"Guatemala" - tld:@".gt" - googleDomain:@"google.com.gt" - countryCode:@"GT"], - [OWSCountryMetadata countryMetadataWithName:@"Guyana" - tld:@".gy" - googleDomain:@"google.gy" - countryCode:@"GY"], - [OWSCountryMetadata countryMetadataWithName:@"Hong Kong" - tld:@".hk" - googleDomain:@"google.com.hk" - countryCode:@"HK"], - [OWSCountryMetadata countryMetadataWithName:@"Honduras" - tld:@".hn" - googleDomain:@"google.hn" - countryCode:@"HN"], - [OWSCountryMetadata countryMetadataWithName:@"Croatia" - tld:@".hr" - googleDomain:@"google.hr" - countryCode:@"HR"], - [OWSCountryMetadata countryMetadataWithName:@"Haiti" - tld:@".ht" - googleDomain:@"google.ht" - countryCode:@"HT"], - [OWSCountryMetadata countryMetadataWithName:@"Hungary" - tld:@".hu" - googleDomain:@"google.hu" - countryCode:@"HU"], - [OWSCountryMetadata countryMetadataWithName:@"Indonesia" - tld:@".id" - googleDomain:@"google.co.id" - countryCode:@"ID"], - [OWSCountryMetadata countryMetadataWithName:@"Iraq" tld:@".iq" googleDomain:@"google.iq" countryCode:@"IQ"], - [OWSCountryMetadata countryMetadataWithName:@"Ireland" - tld:@".ie" - googleDomain:@"google.ie" - countryCode:@"IE"], - [OWSCountryMetadata countryMetadataWithName:@"Israel" - tld:@".il" - googleDomain:@"google.co.il" - countryCode:@"IL"], - [OWSCountryMetadata countryMetadataWithName:@"Isle of Man" - tld:@".im" - googleDomain:@"google.im" - countryCode:@"IM"], - [OWSCountryMetadata countryMetadataWithName:@"India" - tld:@".in" - googleDomain:@"google.co.in" - countryCode:@"IN"], - [OWSCountryMetadata countryMetadataWithName:@"British Indian Ocean Territory" - tld:@".io" - googleDomain:@"google.io" - countryCode:@"IO"], - [OWSCountryMetadata countryMetadataWithName:@"Iceland" - tld:@".is" - googleDomain:@"google.is" - countryCode:@"IS"], - [OWSCountryMetadata countryMetadataWithName:@"Italy" - tld:@".it" - googleDomain:@"google.it" - countryCode:@"IT"], - [OWSCountryMetadata countryMetadataWithName:@"Jersey" - tld:@".je" - googleDomain:@"google.je" - countryCode:@"JE"], - [OWSCountryMetadata countryMetadataWithName:@"Jamaica" - tld:@".jm" - googleDomain:@"google.com.jm" - countryCode:@"JM"], - [OWSCountryMetadata countryMetadataWithName:@"Jordan" - tld:@".jo" - googleDomain:@"google.jo" - countryCode:@"JO"], - [OWSCountryMetadata countryMetadataWithName:@"Japan" - tld:@".jp" - googleDomain:@"google.co.jp" - countryCode:@"JP"], - [OWSCountryMetadata countryMetadataWithName:@"Kenya" - tld:@".ke" - googleDomain:@"google.co.ke" - countryCode:@"KE"], - [OWSCountryMetadata countryMetadataWithName:@"Kiribati" - tld:@".ki" - googleDomain:@"google.ki" - countryCode:@"KI"], - [OWSCountryMetadata countryMetadataWithName:@"Kyrgyzstan" - tld:@".kg" - googleDomain:@"google.kg" - countryCode:@"KG"], - [OWSCountryMetadata countryMetadataWithName:@"South Korea" - tld:@".kr" - googleDomain:@"google.co.kr" - countryCode:@"KR"], - [OWSCountryMetadata countryMetadataWithName:@"Kuwait" - tld:@".kw" - googleDomain:@"google.com.kw" - countryCode:@"KW"], - [OWSCountryMetadata countryMetadataWithName:@"Kazakhstan" - tld:@".kz" - googleDomain:@"google.kz" - countryCode:@"KZ"], - [OWSCountryMetadata countryMetadataWithName:@"Laos" tld:@".la" googleDomain:@"google.la" countryCode:@"LA"], - [OWSCountryMetadata countryMetadataWithName:@"Lebanon" - tld:@".lb" - googleDomain:@"google.com.lb" - countryCode:@"LB"], - [OWSCountryMetadata countryMetadataWithName:@"Saint Lucia" - tld:@".lc" - googleDomain:@"google.com.lc" - countryCode:@"LC"], - [OWSCountryMetadata countryMetadataWithName:@"Liechtenstein" - tld:@".li" - googleDomain:@"google.li" - countryCode:@"LI"], - [OWSCountryMetadata countryMetadataWithName:@"Sri Lanka" - tld:@".lk" - googleDomain:@"google.lk" - countryCode:@"LK"], - [OWSCountryMetadata countryMetadataWithName:@"Lesotho" - tld:@".ls" - googleDomain:@"google.co.ls" - countryCode:@"LS"], - [OWSCountryMetadata countryMetadataWithName:@"Lithuania" - tld:@".lt" - googleDomain:@"google.lt" - countryCode:@"LT"], - [OWSCountryMetadata countryMetadataWithName:@"Luxembourg" - tld:@".lu" - googleDomain:@"google.lu" - countryCode:@"LU"], - [OWSCountryMetadata countryMetadataWithName:@"Latvia" - tld:@".lv" - googleDomain:@"google.lv" - countryCode:@"LV"], - [OWSCountryMetadata countryMetadataWithName:@"Libya" - tld:@".ly" - googleDomain:@"google.com.ly" - countryCode:@"LY"], - [OWSCountryMetadata countryMetadataWithName:@"Morocco" - tld:@".ma" - googleDomain:@"google.co.ma" - countryCode:@"MA"], - [OWSCountryMetadata countryMetadataWithName:@"Moldova" - tld:@".md" - googleDomain:@"google.md" - countryCode:@"MD"], - [OWSCountryMetadata countryMetadataWithName:@"Montenegro" - tld:@".me" - googleDomain:@"google.me" - countryCode:@"ME"], - [OWSCountryMetadata countryMetadataWithName:@"Madagascar" - tld:@".mg" - googleDomain:@"google.mg" - countryCode:@"MG"], - [OWSCountryMetadata countryMetadataWithName:@"Macedonia" - tld:@".mk" - googleDomain:@"google.mk" - countryCode:@"MK"], - [OWSCountryMetadata countryMetadataWithName:@"Mali" tld:@".ml" googleDomain:@"google.ml" countryCode:@"ML"], - [OWSCountryMetadata countryMetadataWithName:@"Myanmar" - tld:@".mm" - googleDomain:@"google.com.mm" - countryCode:@"MM"], - [OWSCountryMetadata countryMetadataWithName:@"Mongolia" - tld:@".mn" - googleDomain:@"google.mn" - countryCode:@"MN"], - [OWSCountryMetadata countryMetadataWithName:@"Montserrat" - tld:@".ms" - googleDomain:@"google.ms" - countryCode:@"MS"], - [OWSCountryMetadata countryMetadataWithName:@"Malta" - tld:@".mt" - googleDomain:@"google.com.mt" - countryCode:@"MT"], - [OWSCountryMetadata countryMetadataWithName:@"Mauritius" - tld:@".mu" - googleDomain:@"google.mu" - countryCode:@"MU"], - [OWSCountryMetadata countryMetadataWithName:@"Maldives" - tld:@".mv" - googleDomain:@"google.mv" - countryCode:@"MV"], - [OWSCountryMetadata countryMetadataWithName:@"Malawi" - tld:@".mw" - googleDomain:@"google.mw" - countryCode:@"MW"], - [OWSCountryMetadata countryMetadataWithName:@"Mexico" - tld:@".mx" - googleDomain:@"google.com.mx" - countryCode:@"MX"], - [OWSCountryMetadata countryMetadataWithName:@"Malaysia" - tld:@".my" - googleDomain:@"google.com.my" - countryCode:@"MY"], - [OWSCountryMetadata countryMetadataWithName:@"Mozambique" - tld:@".mz" - googleDomain:@"google.co.mz" - countryCode:@"MZ"], - [OWSCountryMetadata countryMetadataWithName:@"Namibia" - tld:@".na" - googleDomain:@"google.com.na" - countryCode:@"NA"], - [OWSCountryMetadata countryMetadataWithName:@"Niger" - tld:@".ne" - googleDomain:@"google.ne" - countryCode:@"NE"], - [OWSCountryMetadata countryMetadataWithName:@"Norfolk Island" - tld:@".nf" - googleDomain:@"google.nf" - countryCode:@"NF"], - [OWSCountryMetadata countryMetadataWithName:@"Nigeria" - tld:@".ng" - googleDomain:@"google.com.ng" - countryCode:@"NG"], - [OWSCountryMetadata countryMetadataWithName:@"Nicaragua" - tld:@".ni" - googleDomain:@"google.com.ni" - countryCode:@"NI"], - [OWSCountryMetadata countryMetadataWithName:@"Netherlands" - tld:@".nl" - googleDomain:@"google.nl" - countryCode:@"NL"], - [OWSCountryMetadata countryMetadataWithName:@"Norway" - tld:@".no" - googleDomain:@"google.no" - countryCode:@"NO"], - [OWSCountryMetadata countryMetadataWithName:@"Nepal" - tld:@".np" - googleDomain:@"google.com.np" - countryCode:@"NP"], - [OWSCountryMetadata countryMetadataWithName:@"Nauru" - tld:@".nr" - googleDomain:@"google.nr" - countryCode:@"NR"], - [OWSCountryMetadata countryMetadataWithName:@"Niue" tld:@".nu" googleDomain:@"google.nu" countryCode:@"NU"], - [OWSCountryMetadata countryMetadataWithName:@"New Zealand" - tld:@".nz" - googleDomain:@"google.co.nz" - countryCode:@"NZ"], - [OWSCountryMetadata countryMetadataWithName:@"Oman" - tld:@".om" - googleDomain:@"google.com.om" - countryCode:@"OM"], - [OWSCountryMetadata countryMetadataWithName:@"Pakistan" - tld:@".pk" - googleDomain:@"google.com.pk" - countryCode:@"PK"], - [OWSCountryMetadata countryMetadataWithName:@"Panama" - tld:@".pa" - googleDomain:@"google.com.pa" - countryCode:@"PA"], - [OWSCountryMetadata countryMetadataWithName:@"Peru" - tld:@".pe" - googleDomain:@"google.com.pe" - countryCode:@"PE"], - [OWSCountryMetadata countryMetadataWithName:@"Philippines" - tld:@".ph" - googleDomain:@"google.com.ph" - countryCode:@"PH"], - [OWSCountryMetadata countryMetadataWithName:@"Poland" - tld:@".pl" - googleDomain:@"google.pl" - countryCode:@"PL"], - [OWSCountryMetadata countryMetadataWithName:@"Papua New Guinea" - tld:@".pg" - googleDomain:@"google.com.pg" - countryCode:@"PG"], - [OWSCountryMetadata countryMetadataWithName:@"Pitcairn Islands" - tld:@".pn" - googleDomain:@"google.pn" - countryCode:@"PN"], - [OWSCountryMetadata countryMetadataWithName:@"Puerto Rico" - tld:@".pr" - googleDomain:@"google.com.pr" - countryCode:@"PR"], - [OWSCountryMetadata countryMetadataWithName:@"Palestine[4]" - tld:@".ps" - googleDomain:@"google.ps" - countryCode:@"PS"], - [OWSCountryMetadata countryMetadataWithName:@"Portugal" - tld:@".pt" - googleDomain:@"google.pt" - countryCode:@"PT"], - [OWSCountryMetadata countryMetadataWithName:@"Paraguay" - tld:@".py" - googleDomain:@"google.com.py" - countryCode:@"PY"], - [OWSCountryMetadata countryMetadataWithName:@"Qatar" - tld:@".qa" - googleDomain:@"google.com.qa" - countryCode:@"QA"], - [OWSCountryMetadata countryMetadataWithName:@"Romania" - tld:@".ro" - googleDomain:@"google.ro" - countryCode:@"RO"], - [OWSCountryMetadata countryMetadataWithName:@"Serbia" - tld:@".rs" - googleDomain:@"google.rs" - countryCode:@"RS"], - [OWSCountryMetadata countryMetadataWithName:@"Russia" - tld:@".ru" - googleDomain:@"google.ru" - countryCode:@"RU"], - [OWSCountryMetadata countryMetadataWithName:@"Rwanda" - tld:@".rw" - googleDomain:@"google.rw" - countryCode:@"RW"], - [OWSCountryMetadata countryMetadataWithName:@"Saudi Arabia" - tld:@".sa" - googleDomain:@"google.com.sa" - countryCode:@"SA"], - [OWSCountryMetadata countryMetadataWithName:@"Solomon Islands" - tld:@".sb" - googleDomain:@"google.com.sb" - countryCode:@"SB"], - [OWSCountryMetadata countryMetadataWithName:@"Seychelles" - tld:@".sc" - googleDomain:@"google.sc" - countryCode:@"SC"], - [OWSCountryMetadata countryMetadataWithName:@"Sweden" - tld:@".se" - googleDomain:@"google.se" - countryCode:@"SE"], - [OWSCountryMetadata countryMetadataWithName:@"Singapore" - tld:@".sg" - googleDomain:@"google.com.sg" - countryCode:@"SG"], - [OWSCountryMetadata countryMetadataWithName:@"Saint Helena, Ascension and Tristan da Cunha" - tld:@".sh" - googleDomain:@"google.sh" - countryCode:@"SH"], - [OWSCountryMetadata countryMetadataWithName:@"Slovenia" - tld:@".si" - googleDomain:@"google.si" - countryCode:@"SI"], - [OWSCountryMetadata countryMetadataWithName:@"Slovakia" - tld:@".sk" - googleDomain:@"google.sk" - countryCode:@"SK"], - [OWSCountryMetadata countryMetadataWithName:@"Sierra Leone" - tld:@".sl" - googleDomain:@"google.com.sl" - countryCode:@"SL"], - [OWSCountryMetadata countryMetadataWithName:@"Senegal" - tld:@".sn" - googleDomain:@"google.sn" - countryCode:@"SN"], - [OWSCountryMetadata countryMetadataWithName:@"San Marino" - tld:@".sm" - googleDomain:@"google.sm" - countryCode:@"SM"], - [OWSCountryMetadata countryMetadataWithName:@"Somalia" - tld:@".so" - googleDomain:@"google.so" - countryCode:@"SO"], - [OWSCountryMetadata countryMetadataWithName:@"São Tomé and Príncipe" - tld:@".st" - googleDomain:@"google.st" - countryCode:@"ST"], - [OWSCountryMetadata countryMetadataWithName:@"Suriname" - tld:@".sr" - googleDomain:@"google.sr" - countryCode:@"SR"], - [OWSCountryMetadata countryMetadataWithName:@"El Salvador" - tld:@".sv" - googleDomain:@"google.com.sv" - countryCode:@"SV"], - [OWSCountryMetadata countryMetadataWithName:@"Chad" tld:@".td" googleDomain:@"google.td" countryCode:@"TD"], - [OWSCountryMetadata countryMetadataWithName:@"Togo" tld:@".tg" googleDomain:@"google.tg" countryCode:@"TG"], - [OWSCountryMetadata countryMetadataWithName:@"Thailand" - tld:@".th" - googleDomain:@"google.co.th" - countryCode:@"TH"], - [OWSCountryMetadata countryMetadataWithName:@"Tajikistan" - tld:@".tj" - googleDomain:@"google.com.tj" - countryCode:@"TJ"], - [OWSCountryMetadata countryMetadataWithName:@"Tokelau" - tld:@".tk" - googleDomain:@"google.tk" - countryCode:@"TK"], - [OWSCountryMetadata countryMetadataWithName:@"Timor-Leste" - tld:@".tl" - googleDomain:@"google.tl" - countryCode:@"TL"], - [OWSCountryMetadata countryMetadataWithName:@"Turkmenistan" - tld:@".tm" - googleDomain:@"google.tm" - countryCode:@"TM"], - [OWSCountryMetadata countryMetadataWithName:@"Tonga" - tld:@".to" - googleDomain:@"google.to" - countryCode:@"TO"], - [OWSCountryMetadata countryMetadataWithName:@"Tunisia" - tld:@".tn" - googleDomain:@"google.tn" - countryCode:@"TN"], - [OWSCountryMetadata countryMetadataWithName:@"Turkey" - tld:@".tr" - googleDomain:@"google.com.tr" - countryCode:@"TR"], - [OWSCountryMetadata countryMetadataWithName:@"Trinidad and Tobago" - tld:@".tt" - googleDomain:@"google.tt" - countryCode:@"TT"], - [OWSCountryMetadata countryMetadataWithName:@"Taiwan" - tld:@".tw" - googleDomain:@"google.com.tw" - countryCode:@"TW"], - [OWSCountryMetadata countryMetadataWithName:@"Tanzania" - tld:@".tz" - googleDomain:@"google.co.tz" - countryCode:@"TZ"], - [OWSCountryMetadata countryMetadataWithName:@"Ukraine" - tld:@".ua" - googleDomain:@"google.com.ua" - countryCode:@"UA"], - [OWSCountryMetadata countryMetadataWithName:@"Uganda" - tld:@".ug" - googleDomain:@"google.co.ug" - countryCode:@"UG"], - [OWSCountryMetadata countryMetadataWithName:@"United States" - tld:@".com" - googleDomain:@"google.com" - countryCode:@"US"], - [OWSCountryMetadata countryMetadataWithName:@"Uruguay" - tld:@".uy" - googleDomain:@"google.com.uy" - countryCode:@"UY"], - [OWSCountryMetadata countryMetadataWithName:@"Uzbekistan" - tld:@".uz" - googleDomain:@"google.co.uz" - countryCode:@"UZ"], - [OWSCountryMetadata countryMetadataWithName:@"Saint Vincent and the Grenadines" - tld:@".vc" - googleDomain:@"google.com.vc" - countryCode:@"VC"], - [OWSCountryMetadata countryMetadataWithName:@"Venezuela" - tld:@".ve" - googleDomain:@"google.co.ve" - countryCode:@"VE"], - [OWSCountryMetadata countryMetadataWithName:@"British Virgin Islands" - tld:@".vg" - googleDomain:@"google.vg" - countryCode:@"VG"], - [OWSCountryMetadata countryMetadataWithName:@"United States Virgin Islands" - tld:@".vi" - googleDomain:@"google.co.vi" - countryCode:@"VI"], - [OWSCountryMetadata countryMetadataWithName:@"Vietnam" - tld:@".vn" - googleDomain:@"google.com.vn" - countryCode:@"VN"], - [OWSCountryMetadata countryMetadataWithName:@"Vanuatu" - tld:@".vu" - googleDomain:@"google.vu" - countryCode:@"VU"], - [OWSCountryMetadata countryMetadataWithName:@"Samoa" - tld:@".ws" - googleDomain:@"google.ws" - countryCode:@"WS"], - [OWSCountryMetadata countryMetadataWithName:@"South Africa" - tld:@".za" - googleDomain:@"google.co.za" - countryCode:@"ZA"], - [OWSCountryMetadata countryMetadataWithName:@"Zambia" - tld:@".zm" - googleDomain:@"google.co.zm" - countryCode:@"ZM"], - [OWSCountryMetadata countryMetadataWithName:@"Zimbabwe" - tld:@".zw" - googleDomain:@"google.co.zw" - countryCode:@"ZW"], - ]; - cachedValue = [cachedValue sortedArrayUsingComparator:^NSComparisonResult( - OWSCountryMetadata *_Nonnull left, OWSCountryMetadata *_Nonnull right) { - return [left.localizedCountryName compare:right.localizedCountryName]; - }]; - }); - return cachedValue; -} - -@end - -NS_ASSUME_NONNULL_END diff --git a/SignalServiceKit/Resources/Certificates/DigiCertGlobalRootG2.crt b/SignalServiceKit/Resources/Certificates/DigiCertGlobalRootG2.crt new file mode 100644 index 0000000000000000000000000000000000000000..1e927a7afe06c270670d6bc25c4d465db2e0a7e8 GIT binary patch literal 914 zcmXqLV(v3&Vk%p}%*4pVB*1L-@!4|0l?!%jq->Ps{Pom;myJ`a&7m8Ce;an;7{S44N3Zn3@aHzbQTHIERDpF(!1g)GQaJ{9Zplk- zye@a|@AU_#r!O{6V{hxNd-12ggQTEo);V)vP&-Tc!p2{-S^Rub$w8x&gcgr9D_VnJeCX{_;|J2P} zlz02&x_&wBDQX2hucLu6-|8C^Skma^IW)V_ne~}jhi)FnV1keK@Hao#ijU%z$=y=4>cw?qzQ zVDbWnG9yDmy2g}zK9A(rhIe13OI+=&wK>}DRsV9|ZEf-U8{&)0wTy%<8`GUyls~zq zo4)DT|D%6HB9Fdi`2qHg8zibR_3{p5LfoBYYm zyzW}IGxc}J?B04s;o;2qU^mg*8M8lpHn?hM_^7vK-s7%Yx2D;d3NMZS@UtMGz}-N8^%tYFG2u-sL@JUi+4LlJwK^__B94 Uy+>lhq8Hsv%iC;f{?uq20B`eLrT_o{ literal 0 HcmV?d00001 diff --git a/SignalServiceKit/Resources/Certificates/DigiCertSHA2HighAssuranceServerCA.crt b/SignalServiceKit/Resources/Certificates/DigiCertSHA2HighAssuranceServerCA.crt new file mode 100644 index 0000000000000000000000000000000000000000..07e025defbc58b3190f341c520ba3d26fc4cd59e GIT binary patch literal 1205 zcmXqLV%ccW#5{8WGZP~dlK{)Z=S%LyeEOVwK-+0Ytmu3LUN%mxHjlRNyo`+8tPBP@ zhTI06Y|No7Y{E>T!G@v+!XOTpFpo=SdZu$~QHg?QUb3O2fjCH*TUemHyj(8@D3uJ9 z(o4?IHPklH1W7RqE5UVmWTs~*I2IR|7A58-rz*IHDFo%`mnb+p8pw(B8X6lK7#SHF z82~|)IIocf64#)BQrGAk=t5kh26s)chog}Knv;T4i^@`qKrU)xR6-6CMpg#qCPsb+ zpg0#(6C)$Twg>u$RM<}BvczA1&y~Wqsa8oXRcxJ;!|Zc+=FcxxYQ+Ag`%e+pmJ z6#3AwEr*!2)?b+Mj@#k-kqg#ECq(AGpRiGI<+@8Jb~szzwxWesTb{xMOw~L7_oU1J4`}F!Gjy0uA z=IlBvzDdr-G_^ih)$*bY*Q{h|$w?&{T;_)k1$msdj9RqqVeG-X3lw%JE}E>CFXE-> zc>Hbd>`xy0pP9cd%9s?aANQDvnUR5UaTB8_FhpDpgn)r7E6m9FpM}GK4M;IDG8piI z#P~sCEWjk!W*`gVtFnk0h_G>JvoW%=vNJQnSxg2dFg7D2i-v)kfeMUoz}O~{QBqQ1 zrLUi#TwH*X$_%_ghRU#*(C=); zJgL8}r#)AFQtzHw^v7=1RY&eySIrjgm&tSYtdG0tQNw)mZ@1@y8EQ@rudhuKT#~{S z9&+TX>@}vi>^1L>G|Unz`V}_$`v3g~t!xJSx$FJ@hqKOAdE0te`}eZa6>D_G-q%*D zZ+d-bE;swDRjrp97b|EuMmlR;YJ9xv+nZ|Z@@)=D4Xlo?jPJ$S?Cu>fo}GRI#U`uuza;ap9t6a2L{-?Pgs zl5d(Nte71a!_crvKeGN?`%hKpw&$7BL9-@2EPQ-Jm)9@<+X>H`+dfN$t<&CCBJ%qD zZ?(r#yJV;7Wm!i|>2weKuexAzL2&b}mJ*S}>GN1JtnT+YM9F&jop+vS{XFa%L&52w zch$A)te)>N{OS7bP{MiPNG9!uGbZl$cix+jn#*)vXX3JD&+oNLc-Ex(Ew;*Cx%Hii z-Y#C|9meeDD+ZAek_f&-n9TI)D_j}ew*jYqV9Z;Uo_wC|NGvNvHXns%A{7~Pv#u&3(uFc z-8&&E+u?A&)=l=m-0_F!{wv=;_NzD4Zza=ncR@G1FMsz|YpU&DnV4j*u}xR&n?PI2 z$%5sV)^67!V7OH{5j|q J(7RD%7XbdRdH( NS_ASSUME_NONNULL_BEGIN +NSString *const OWSCensorshipConfiguration_SouqFrontingHost = @"cms.souqcdn.com"; +NSString *const OWSCensorshipConfiguration_YahooViewFrontingHost = @"view.yahoo.com"; +NSString *const OWSCensorshipConfiguration_DefaultFrontingHost = OWSCensorshipConfiguration_YahooViewFrontingHost; + @implementation OWSCensorshipConfiguration -- (NSString *)frontingHost:(NSString *)e164PhoneNumber +// returns nil if phone number is not known to be censored ++ (nullable instancetype)censorshipConfigurationWithPhoneNumber:(NSString *)e164PhoneNumber { - OWSAssert(e164PhoneNumber.length > 0); + NSString *countryCode = [self censoredCountryCodeWithPhoneNumber:e164PhoneNumber]; + if (countryCode.length == 0) { + return nil; + } - NSString *domain = nil; - for (NSString *countryCode in self.censoredCountryCodes) { - if ([e164PhoneNumber hasPrefix:countryCode]) { - domain = self.censoredCountryCodes[countryCode]; - } + + return [self censorshipConfigurationWithCountryCode:countryCode]; +} + +// returns best censorship configuration for country code. Will return a default if one hasn't +// been specifically configured. ++ (instancetype)censorshipConfigurationWithCountryCode:(NSString *)countryCode +{ + OWSCountryMetadata *countryMetadadata = [OWSCountryMetadata countryMetadataForCountryCode:countryCode]; + OWSAssert(countryMetadadata); + + NSString *_Nullable specifiedDomain = countryMetadadata.frontingDomain; + + NSURL *baseURL; + AFSecurityPolicy *securityPolicy; + if (specifiedDomain.length > 0) { + NSString *frontingURLString = [NSString stringWithFormat:@"https://%@", specifiedDomain]; + baseURL = [NSURL URLWithString:frontingURLString]; + securityPolicy = [self securityPolicyForDomain:(NSString *)specifiedDomain]; + } else { + NSString *frontingURLString = + [NSString stringWithFormat:@"https://%@", OWSCensorshipConfiguration_DefaultFrontingHost]; + baseURL = [NSURL URLWithString:frontingURLString]; + securityPolicy = [self securityPolicyForDomain:OWSCensorshipConfiguration_DefaultFrontingHost]; } - // Fronting should only be auto-activated for countries specified in censoredCountryCodes, - // all of which have a domain specified. However users can also manually enable - // censorship circumvention. - if (!domain) { - domain = @"google.com"; + OWSAssert(baseURL); + OWSAssert(securityPolicy); + + + return [[OWSCensorshipConfiguration alloc] initWithDomainFrontBaseURL:baseURL securityPolicy:securityPolicy]; +} + +- (instancetype)initWithDomainFrontBaseURL:(NSURL *)domainFrontBaseURL securityPolicy:(AFSecurityPolicy *)securityPolicy +{ + OWSAssert(domainFrontBaseURL); + OWSAssert(securityPolicy); + + self = [super init]; + if (!self) { + return self; } - - return [@"https://" stringByAppendingString:domain]; + + _domainFrontBaseURL = domainFrontBaseURL; + _domainFrontSecurityPolicy = securityPolicy; + + return self; } +// MARK: Public Getters + - (NSString *)signalServiceReflectorHost { return textSecureServiceReflectorHost; @@ -41,39 +86,152 @@ NS_ASSUME_NONNULL_BEGIN return textSecureCDNReflectorHost; } -- (NSDictionary *)censoredCountryCodes +// MARK: Util + ++ (NSDictionary *)censoredCountryCodes { - // The set of countries for which domain fronting should be used. + // The set of countries for which domain fronting should be automatically enabled. // - // For each country, we should add the appropriate google domain, - // per: https://en.wikipedia.org/wiki/List_of_Google_domains - // - // If we ever use any non-google domains for domain fronting, - // remember to: - // - // a) Add the appropriate pinning certificate(s) in - // SignalServiceKit.podspec. - // b) Update signalServiceReflectorHost accordingly. + // If you want to use a domain front other than the default, specify the domain front + // in OWSCountryMetadata, and ensure we have a Security Policy for that domain in + // `securityPolicyForDomain:` return @{ - // Egypt - @"+20": @"google.com.eg", - // Oman - @"+968": @"google.com.om", - // Qatar - @"+974": @"google.com.qa", - // UAE - @"+971": @"google.ae", - }; + // Egypt + @"+20" : @"EG", + // Oman + @"+968" : @"OM", + // Qatar + @"+974" : @"QA", + // UAE + @"+971" : @"AE", + }; +} + +// Returns nil if the phone number is not known to be censored ++ (BOOL)isCensoredPhoneNumber:(NSString *)e164PhoneNumber; +{ + return [self censoredCountryCodeWithPhoneNumber:e164PhoneNumber].length > 0; +} + +// Returns nil if the phone number is not known to be censored ++ (nullable NSString *)censoredCountryCodeWithPhoneNumber:(NSString *)e164PhoneNumber +{ + NSDictionary *censoredCountryCodes = self.censoredCountryCodes; + + for (NSString *callingCode in censoredCountryCodes) { + if ([e164PhoneNumber hasPrefix:callingCode]) { + return censoredCountryCodes[callingCode]; + } + } + + return nil; +} + +#pragma mark - Reflector Pinning Policy + +// When using censorship circumvention, we pin to the fronted domain host. +// Adding a new domain front entails adding a corresponding AFSecurityPolicy +// and pinning to it's CA. +// If the security policy requires new certificates, include them in the SSK bundle ++ (AFSecurityPolicy *)securityPolicyForDomain:(NSString *)domain +{ + if ([domain isEqualToString:OWSCensorshipConfiguration_SouqFrontingHost]) { + return [self souqPinningPolicy]; + } else if ([domain isEqualToString:OWSCensorshipConfiguration_YahooViewFrontingHost]) { + return [self yahooViewPinningPolicy]; + } else { + OWSFail(@"unknown pinning domain."); + return [self yahooViewPinningPolicy]; + } } -- (BOOL)isCensoredPhoneNumber:(NSString *)e164PhoneNumber ++ (AFSecurityPolicy *)pinningPolicyWithCertNames:(NSArray *)certNames { - for (NSString *countryCode in self.censoredCountryCodes) { - if ([e164PhoneNumber hasPrefix:countryCode]) { - return YES; + NSMutableSet *certificates = [NSMutableSet new]; + for (NSString *certName in certNames) { + NSError *error; + NSData *certData = [self certificateDataWithName:certName error:&error]; + if (error) { + DDLogError(@"%@ reading data for certificate: %@ failed with error: %@", self.logTag, certName, error); + OWSRaiseException(@"OWSSignalService_UnableToReadCertificate", @"%@", error.description); + } + + if (!certData) { + DDLogError(@"%@ No data for certificate: %@", self.logTag, certName); + OWSRaiseException(@"OWSSignalService_UnableToReadCertificate", @"%@", error.description); } + [certificates addObject:certData]; + } + + return [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate withPinnedCertificates:certificates]; +} + ++ (nullable NSData *)certificateDataWithName:(NSString *)name error:(NSError **)error +{ + if (!name.length) { + OWSFail(@"%@ expected name with length > 0", self.logTag); + *error = OWSErrorMakeAssertionError(); + return nil; + } + + NSBundle *bundle = [NSBundle bundleForClass:self.class]; + NSString *path = [bundle pathForResource:name ofType:@"crt"]; + if (![[NSFileManager defaultManager] fileExistsAtPath:path]) { + OWSFail(@"%@ Missing certificate for name: %@", self.logTag, name); + *error = OWSErrorMakeAssertionError(); + return nil; } - return NO; + + NSData *_Nullable certData = [NSData dataWithContentsOfFile:path options:0 error:error]; + + if (*error != nil) { + OWSFail(@"%@ Failed to read cert file with path: %@", self.logTag, path); + return nil; + } + + if (certData.length == 0) { + OWSFail(@"%@ empty certData for name: %@", self.logTag, name); + return nil; + } + + DDLogVerbose(@"%@ read cert data with name: %@ length: %lu", self.logTag, name, (unsigned long)certData.length); + return certData; +} + ++ (AFSecurityPolicy *)yahooViewPinningPolicy +{ + static AFSecurityPolicy *securityPolicy = nil; + static dispatch_once_t onceToken; + dispatch_once(&onceToken, ^{ + // DigiCertGlobalRootG2 - view.yahoo.com + NSArray *certNames = @[ @"DigiCertSHA2HighAssuranceServerCA" ]; + securityPolicy = [self pinningPolicyWithCertNames:certNames]; + }); + return securityPolicy; +} + ++ (AFSecurityPolicy *)souqPinningPolicy +{ + static AFSecurityPolicy *securityPolicy = nil; + static dispatch_once_t onceToken; + dispatch_once(&onceToken, ^{ + // SFSRootCAG2 - cms.souqcdn.com + NSArray *certNames = @[ @"SFSRootCAG2" ]; + securityPolicy = [self pinningPolicyWithCertNames:certNames]; + }); + return securityPolicy; +} + ++ (AFSecurityPolicy *)googlePinningPolicy_deprecated +{ + static AFSecurityPolicy *securityPolicy = nil; + static dispatch_once_t onceToken; + dispatch_once(&onceToken, ^{ + // GIAG2 cert plus root certs from pki.goog + NSArray *certNames = @[ @"GIAG2", @"GSR2", @"GSR4", @"GTSR1", @"GTSR2", @"GTSR3", @"GTSR4" ]; + securityPolicy = [self pinningPolicyWithCertNames:certNames]; + }); + return securityPolicy; } @end diff --git a/Signal/src/ViewControllers/OWSCountryMetadata.h b/SignalServiceKit/src/Network/OWSCountryMetadata.h similarity index 77% rename from Signal/src/ViewControllers/OWSCountryMetadata.h rename to SignalServiceKit/src/Network/OWSCountryMetadata.h index 3b42068aa..9e383db2e 100644 --- a/Signal/src/ViewControllers/OWSCountryMetadata.h +++ b/SignalServiceKit/src/Network/OWSCountryMetadata.h @@ -1,5 +1,5 @@ // -// Copyright (c) 2017 Open Whisper Systems. All rights reserved. +// Copyright (c) 2018 Open Whisper Systems. All rights reserved. // NS_ASSUME_NONNULL_BEGIN @@ -8,7 +8,7 @@ NS_ASSUME_NONNULL_BEGIN @property (nonatomic) NSString *name; @property (nonatomic) NSString *tld; -@property (nonatomic) NSString *googleDomain; +@property (nonatomic, nullable) NSString *frontingDomain; @property (nonatomic) NSString *countryCode; @property (nonatomic) NSString *localizedCountryName; diff --git a/SignalServiceKit/src/Network/OWSCountryMetadata.m b/SignalServiceKit/src/Network/OWSCountryMetadata.m new file mode 100644 index 000000000..e6d17afda --- /dev/null +++ b/SignalServiceKit/src/Network/OWSCountryMetadata.m @@ -0,0 +1,378 @@ +// +// Copyright (c) 2018 Open Whisper Systems. All rights reserved. +// + +#import "OWSCountryMetadata.h" +#import "OWSCensorshipConfiguration.h" + +NS_ASSUME_NONNULL_BEGIN + +@implementation OWSCountryMetadata + ++ (OWSCountryMetadata *)countryMetadataWithName:(NSString *)name + tld:(NSString *)tld + frontingDomain:(nullable NSString *)frontingDomain + countryCode:(NSString *)countryCode +{ + OWSAssert(name.length > 0); + OWSAssert(tld.length > 0); + OWSAssert(countryCode.length > 0); + + OWSCountryMetadata *instance = [OWSCountryMetadata new]; + instance.name = name; + instance.tld = tld; + instance.frontingDomain = frontingDomain; + instance.countryCode = countryCode; + + NSString *localizedCountryName = [[NSLocale currentLocale] displayNameForKey:NSLocaleCountryCode value:countryCode]; + if (localizedCountryName.length < 1) { + localizedCountryName = name; + } + instance.localizedCountryName = localizedCountryName; + + return instance; +} + ++ (OWSCountryMetadata *)countryMetadataForCountryCode:(NSString *)countryCode +{ + OWSAssert(countryCode.length > 0); + + return [self countryCodeToCountryMetadataMap][countryCode]; +} + ++ (NSDictionary *)countryCodeToCountryMetadataMap +{ + static NSDictionary *cachedValue = nil; + static dispatch_once_t onceToken; + dispatch_once(&onceToken, ^{ + NSMutableDictionary *map = [NSMutableDictionary new]; + for (OWSCountryMetadata *metadata in [self allCountryMetadatas]) { + map[metadata.countryCode] = metadata; + } + cachedValue = map; + }); + return cachedValue; +} + ++ (NSArray *)allCountryMetadatas +{ + static NSArray *cachedValue = nil; + static dispatch_once_t onceToken; + dispatch_once(&onceToken, ^{ + cachedValue = @[ + [OWSCountryMetadata countryMetadataWithName:@"Andorra" tld:@".ad" frontingDomain:nil countryCode:@"AD"], + [OWSCountryMetadata countryMetadataWithName:@"United Arab Emirates" + tld:@".ae" + frontingDomain:OWSCensorshipConfiguration_SouqFrontingHost + countryCode:@"AE"], + [OWSCountryMetadata countryMetadataWithName:@"Afghanistan" tld:@".af" frontingDomain:nil countryCode:@"AF"], + [OWSCountryMetadata countryMetadataWithName:@"Antigua and Barbuda" + tld:@".ag" + frontingDomain:nil + countryCode:@"AG"], + [OWSCountryMetadata countryMetadataWithName:@"Anguilla" tld:@".ai" frontingDomain:nil countryCode:@"AI"], + [OWSCountryMetadata countryMetadataWithName:@"Albania" tld:@".al" frontingDomain:nil countryCode:@"AL"], + [OWSCountryMetadata countryMetadataWithName:@"Armenia" tld:@".am" frontingDomain:nil countryCode:@"AM"], + [OWSCountryMetadata countryMetadataWithName:@"Angola" tld:@".ao" frontingDomain:nil countryCode:@"AO"], + [OWSCountryMetadata countryMetadataWithName:@"Argentina" tld:@".ar" frontingDomain:nil countryCode:@"AR"], + [OWSCountryMetadata countryMetadataWithName:@"American Samoa" + tld:@".as" + frontingDomain:nil + countryCode:@"AS"], + [OWSCountryMetadata countryMetadataWithName:@"Austria" tld:@".at" frontingDomain:nil countryCode:@"AT"], + [OWSCountryMetadata countryMetadataWithName:@"Australia" tld:@".au" frontingDomain:nil countryCode:@"AU"], + [OWSCountryMetadata countryMetadataWithName:@"Azerbaijan" tld:@".az" frontingDomain:nil countryCode:@"AZ"], + [OWSCountryMetadata countryMetadataWithName:@"Bosnia and Herzegovina" + tld:@".ba" + frontingDomain:nil + countryCode:@"BA"], + [OWSCountryMetadata countryMetadataWithName:@"Bangladesh" tld:@".bd" frontingDomain:nil countryCode:@"BD"], + [OWSCountryMetadata countryMetadataWithName:@"Belgium" tld:@".be" frontingDomain:nil countryCode:@"BE"], + [OWSCountryMetadata countryMetadataWithName:@"Burkina Faso" + tld:@".bf" + frontingDomain:nil + countryCode:@"BF"], + [OWSCountryMetadata countryMetadataWithName:@"Bulgaria" tld:@".bg" frontingDomain:nil countryCode:@"BG"], + [OWSCountryMetadata countryMetadataWithName:@"Bahrain" tld:@".bh" frontingDomain:nil countryCode:@"BH"], + [OWSCountryMetadata countryMetadataWithName:@"Burundi" tld:@".bi" frontingDomain:nil countryCode:@"BI"], + [OWSCountryMetadata countryMetadataWithName:@"Benin" tld:@".bj" frontingDomain:nil countryCode:@"BJ"], + [OWSCountryMetadata countryMetadataWithName:@"Brunei" tld:@".bn" frontingDomain:nil countryCode:@"BN"], + [OWSCountryMetadata countryMetadataWithName:@"Bolivia" tld:@".bo" frontingDomain:nil countryCode:@"BO"], + [OWSCountryMetadata countryMetadataWithName:@"Brazil" tld:@".br" frontingDomain:nil countryCode:@"BR"], + [OWSCountryMetadata countryMetadataWithName:@"Bahamas" tld:@".bs" frontingDomain:nil countryCode:@"BS"], + [OWSCountryMetadata countryMetadataWithName:@"Bhutan" tld:@".bt" frontingDomain:nil countryCode:@"BT"], + [OWSCountryMetadata countryMetadataWithName:@"Botswana" tld:@".bw" frontingDomain:nil countryCode:@"BW"], + [OWSCountryMetadata countryMetadataWithName:@"Belarus" tld:@".by" frontingDomain:nil countryCode:@"BY"], + [OWSCountryMetadata countryMetadataWithName:@"Belize" tld:@".bz" frontingDomain:nil countryCode:@"BZ"], + [OWSCountryMetadata countryMetadataWithName:@"Canada" tld:@".ca" frontingDomain:nil countryCode:@"CA"], + [OWSCountryMetadata countryMetadataWithName:@"Cambodia" tld:@".kh" frontingDomain:nil countryCode:@"KH"], + [OWSCountryMetadata countryMetadataWithName:@"Cocos (Keeling) Islands" + tld:@".cc" + frontingDomain:nil + countryCode:@"CC"], + [OWSCountryMetadata countryMetadataWithName:@"Democratic Republic of the Congo" + tld:@".cd" + frontingDomain:nil + countryCode:@"CD"], + [OWSCountryMetadata countryMetadataWithName:@"Central African Republic" + tld:@".cf" + frontingDomain:nil + countryCode:@"CF"], + [OWSCountryMetadata countryMetadataWithName:@"Republic of the Congo" + tld:@".cg" + frontingDomain:nil + countryCode:@"CG"], + [OWSCountryMetadata countryMetadataWithName:@"Switzerland" tld:@".ch" frontingDomain:nil countryCode:@"CH"], + [OWSCountryMetadata countryMetadataWithName:@"Ivory Coast" tld:@".ci" frontingDomain:nil countryCode:@"CI"], + [OWSCountryMetadata countryMetadataWithName:@"Cook Islands" + tld:@".ck" + frontingDomain:nil + countryCode:@"CK"], + [OWSCountryMetadata countryMetadataWithName:@"Chile" tld:@".cl" frontingDomain:nil countryCode:@"CL"], + [OWSCountryMetadata countryMetadataWithName:@"Cameroon" tld:@".cm" frontingDomain:nil countryCode:@"CM"], + [OWSCountryMetadata countryMetadataWithName:@"China" tld:@".cn" frontingDomain:nil countryCode:@"CN"], + [OWSCountryMetadata countryMetadataWithName:@"Colombia" tld:@".co" frontingDomain:nil countryCode:@"CO"], + [OWSCountryMetadata countryMetadataWithName:@"Costa Rica" tld:@".cr" frontingDomain:nil countryCode:@"CR"], + [OWSCountryMetadata countryMetadataWithName:@"Cuba" tld:@".cu" frontingDomain:nil countryCode:@"CU"], + [OWSCountryMetadata countryMetadataWithName:@"Cape Verde" tld:@".cv" frontingDomain:nil countryCode:@"CV"], + [OWSCountryMetadata countryMetadataWithName:@"Christmas Island" + tld:@".cx" + frontingDomain:nil + countryCode:@"CX"], + [OWSCountryMetadata countryMetadataWithName:@"Cyprus" tld:@".cy" frontingDomain:nil countryCode:@"CY"], + [OWSCountryMetadata countryMetadataWithName:@"Czech Republic" + tld:@".cz" + frontingDomain:nil + countryCode:@"CZ"], + [OWSCountryMetadata countryMetadataWithName:@"Germany" tld:@".de" frontingDomain:nil countryCode:@"DE"], + [OWSCountryMetadata countryMetadataWithName:@"Djibouti" tld:@".dj" frontingDomain:nil countryCode:@"DJ"], + [OWSCountryMetadata countryMetadataWithName:@"Denmark" tld:@".dk" frontingDomain:nil countryCode:@"DK"], + [OWSCountryMetadata countryMetadataWithName:@"Dominica" tld:@".dm" frontingDomain:nil countryCode:@"DM"], + [OWSCountryMetadata countryMetadataWithName:@"Dominican Republic" + tld:@".do" + frontingDomain:nil + countryCode:@"DO"], + [OWSCountryMetadata countryMetadataWithName:@"Algeria" tld:@".dz" frontingDomain:nil countryCode:@"DZ"], + [OWSCountryMetadata countryMetadataWithName:@"Ecuador" tld:@".ec" frontingDomain:nil countryCode:@"EC"], + [OWSCountryMetadata countryMetadataWithName:@"Estonia" tld:@".ee" frontingDomain:nil countryCode:@"EE"], + [OWSCountryMetadata countryMetadataWithName:@"Egypt" + tld:@".eg" + frontingDomain:OWSCensorshipConfiguration_SouqFrontingHost + countryCode:@"EG"], + [OWSCountryMetadata countryMetadataWithName:@"Spain" tld:@".es" frontingDomain:nil countryCode:@"ES"], + [OWSCountryMetadata countryMetadataWithName:@"Ethiopia" tld:@".et" frontingDomain:nil countryCode:@"ET"], + [OWSCountryMetadata countryMetadataWithName:@"Finland" tld:@".fi" frontingDomain:nil countryCode:@"FI"], + [OWSCountryMetadata countryMetadataWithName:@"Fiji" tld:@".fj" frontingDomain:nil countryCode:@"FJ"], + [OWSCountryMetadata countryMetadataWithName:@"Federated States of Micronesia" + tld:@".fm" + frontingDomain:nil + countryCode:@"FM"], + [OWSCountryMetadata countryMetadataWithName:@"France" tld:@".fr" frontingDomain:nil countryCode:@"FR"], + [OWSCountryMetadata countryMetadataWithName:@"Gabon" tld:@".ga" frontingDomain:nil countryCode:@"GA"], + [OWSCountryMetadata countryMetadataWithName:@"Georgia" tld:@".ge" frontingDomain:nil countryCode:@"GE"], + [OWSCountryMetadata countryMetadataWithName:@"French Guiana" + tld:@".gf" + frontingDomain:nil + countryCode:@"GF"], + [OWSCountryMetadata countryMetadataWithName:@"Guernsey" tld:@".gg" frontingDomain:nil countryCode:@"GG"], + [OWSCountryMetadata countryMetadataWithName:@"Ghana" tld:@".gh" frontingDomain:nil countryCode:@"GH"], + [OWSCountryMetadata countryMetadataWithName:@"Gibraltar" tld:@".gi" frontingDomain:nil countryCode:@"GI"], + [OWSCountryMetadata countryMetadataWithName:@"Greenland" tld:@".gl" frontingDomain:nil countryCode:@"GL"], + [OWSCountryMetadata countryMetadataWithName:@"Gambia" tld:@".gm" frontingDomain:nil countryCode:@"GM"], + [OWSCountryMetadata countryMetadataWithName:@"Guadeloupe" tld:@".gp" frontingDomain:nil countryCode:@"GP"], + [OWSCountryMetadata countryMetadataWithName:@"Greece" tld:@".gr" frontingDomain:nil countryCode:@"GR"], + [OWSCountryMetadata countryMetadataWithName:@"Guatemala" tld:@".gt" frontingDomain:nil countryCode:@"GT"], + [OWSCountryMetadata countryMetadataWithName:@"Guyana" tld:@".gy" frontingDomain:nil countryCode:@"GY"], + [OWSCountryMetadata countryMetadataWithName:@"Hong Kong" tld:@".hk" frontingDomain:nil countryCode:@"HK"], + [OWSCountryMetadata countryMetadataWithName:@"Honduras" tld:@".hn" frontingDomain:nil countryCode:@"HN"], + [OWSCountryMetadata countryMetadataWithName:@"Croatia" tld:@".hr" frontingDomain:nil countryCode:@"HR"], + [OWSCountryMetadata countryMetadataWithName:@"Haiti" tld:@".ht" frontingDomain:nil countryCode:@"HT"], + [OWSCountryMetadata countryMetadataWithName:@"Hungary" tld:@".hu" frontingDomain:nil countryCode:@"HU"], + [OWSCountryMetadata countryMetadataWithName:@"Indonesia" tld:@".id" frontingDomain:nil countryCode:@"ID"], + [OWSCountryMetadata countryMetadataWithName:@"Iraq" tld:@".iq" frontingDomain:nil countryCode:@"IQ"], + [OWSCountryMetadata countryMetadataWithName:@"Ireland" tld:@".ie" frontingDomain:nil countryCode:@"IE"], + [OWSCountryMetadata countryMetadataWithName:@"Israel" tld:@".il" frontingDomain:nil countryCode:@"IL"], + [OWSCountryMetadata countryMetadataWithName:@"Isle of Man" tld:@".im" frontingDomain:nil countryCode:@"IM"], + [OWSCountryMetadata countryMetadataWithName:@"India" tld:@".in" frontingDomain:nil countryCode:@"IN"], + [OWSCountryMetadata countryMetadataWithName:@"British Indian Ocean Territory" + tld:@".io" + frontingDomain:nil + countryCode:@"IO"], + [OWSCountryMetadata countryMetadataWithName:@"Iceland" tld:@".is" frontingDomain:nil countryCode:@"IS"], + [OWSCountryMetadata countryMetadataWithName:@"Italy" tld:@".it" frontingDomain:nil countryCode:@"IT"], + [OWSCountryMetadata countryMetadataWithName:@"Jersey" tld:@".je" frontingDomain:nil countryCode:@"JE"], + [OWSCountryMetadata countryMetadataWithName:@"Jamaica" tld:@".jm" frontingDomain:nil countryCode:@"JM"], + [OWSCountryMetadata countryMetadataWithName:@"Jordan" tld:@".jo" frontingDomain:nil countryCode:@"JO"], + [OWSCountryMetadata countryMetadataWithName:@"Japan" tld:@".jp" frontingDomain:nil countryCode:@"JP"], + [OWSCountryMetadata countryMetadataWithName:@"Kenya" tld:@".ke" frontingDomain:nil countryCode:@"KE"], + [OWSCountryMetadata countryMetadataWithName:@"Kiribati" tld:@".ki" frontingDomain:nil countryCode:@"KI"], + [OWSCountryMetadata countryMetadataWithName:@"Kyrgyzstan" tld:@".kg" frontingDomain:nil countryCode:@"KG"], + [OWSCountryMetadata countryMetadataWithName:@"South Korea" tld:@".kr" frontingDomain:nil countryCode:@"KR"], + [OWSCountryMetadata countryMetadataWithName:@"Kuwait" tld:@".kw" frontingDomain:nil countryCode:@"KW"], + [OWSCountryMetadata countryMetadataWithName:@"Kazakhstan" tld:@".kz" frontingDomain:nil countryCode:@"KZ"], + [OWSCountryMetadata countryMetadataWithName:@"Laos" tld:@".la" frontingDomain:nil countryCode:@"LA"], + [OWSCountryMetadata countryMetadataWithName:@"Lebanon" tld:@".lb" frontingDomain:nil countryCode:@"LB"], + [OWSCountryMetadata countryMetadataWithName:@"Saint Lucia" tld:@".lc" frontingDomain:nil countryCode:@"LC"], + [OWSCountryMetadata countryMetadataWithName:@"Liechtenstein" + tld:@".li" + frontingDomain:nil + countryCode:@"LI"], + [OWSCountryMetadata countryMetadataWithName:@"Sri Lanka" tld:@".lk" frontingDomain:nil countryCode:@"LK"], + [OWSCountryMetadata countryMetadataWithName:@"Lesotho" tld:@".ls" frontingDomain:nil countryCode:@"LS"], + [OWSCountryMetadata countryMetadataWithName:@"Lithuania" tld:@".lt" frontingDomain:nil countryCode:@"LT"], + [OWSCountryMetadata countryMetadataWithName:@"Luxembourg" tld:@".lu" frontingDomain:nil countryCode:@"LU"], + [OWSCountryMetadata countryMetadataWithName:@"Latvia" tld:@".lv" frontingDomain:nil countryCode:@"LV"], + [OWSCountryMetadata countryMetadataWithName:@"Libya" tld:@".ly" frontingDomain:nil countryCode:@"LY"], + [OWSCountryMetadata countryMetadataWithName:@"Morocco" tld:@".ma" frontingDomain:nil countryCode:@"MA"], + [OWSCountryMetadata countryMetadataWithName:@"Moldova" tld:@".md" frontingDomain:nil countryCode:@"MD"], + [OWSCountryMetadata countryMetadataWithName:@"Montenegro" tld:@".me" frontingDomain:nil countryCode:@"ME"], + [OWSCountryMetadata countryMetadataWithName:@"Madagascar" tld:@".mg" frontingDomain:nil countryCode:@"MG"], + [OWSCountryMetadata countryMetadataWithName:@"Macedonia" tld:@".mk" frontingDomain:nil countryCode:@"MK"], + [OWSCountryMetadata countryMetadataWithName:@"Mali" tld:@".ml" frontingDomain:nil countryCode:@"ML"], + [OWSCountryMetadata countryMetadataWithName:@"Myanmar" tld:@".mm" frontingDomain:nil countryCode:@"MM"], + [OWSCountryMetadata countryMetadataWithName:@"Mongolia" tld:@".mn" frontingDomain:nil countryCode:@"MN"], + [OWSCountryMetadata countryMetadataWithName:@"Montserrat" tld:@".ms" frontingDomain:nil countryCode:@"MS"], + [OWSCountryMetadata countryMetadataWithName:@"Malta" tld:@".mt" frontingDomain:nil countryCode:@"MT"], + [OWSCountryMetadata countryMetadataWithName:@"Mauritius" tld:@".mu" frontingDomain:nil countryCode:@"MU"], + [OWSCountryMetadata countryMetadataWithName:@"Maldives" tld:@".mv" frontingDomain:nil countryCode:@"MV"], + [OWSCountryMetadata countryMetadataWithName:@"Malawi" tld:@".mw" frontingDomain:nil countryCode:@"MW"], + [OWSCountryMetadata countryMetadataWithName:@"Mexico" tld:@".mx" frontingDomain:nil countryCode:@"MX"], + [OWSCountryMetadata countryMetadataWithName:@"Malaysia" tld:@".my" frontingDomain:nil countryCode:@"MY"], + [OWSCountryMetadata countryMetadataWithName:@"Mozambique" tld:@".mz" frontingDomain:nil countryCode:@"MZ"], + [OWSCountryMetadata countryMetadataWithName:@"Namibia" tld:@".na" frontingDomain:nil countryCode:@"NA"], + [OWSCountryMetadata countryMetadataWithName:@"Niger" tld:@".ne" frontingDomain:nil countryCode:@"NE"], + [OWSCountryMetadata countryMetadataWithName:@"Norfolk Island" + tld:@".nf" + frontingDomain:nil + countryCode:@"NF"], + [OWSCountryMetadata countryMetadataWithName:@"Nigeria" tld:@".ng" frontingDomain:nil countryCode:@"NG"], + [OWSCountryMetadata countryMetadataWithName:@"Nicaragua" tld:@".ni" frontingDomain:nil countryCode:@"NI"], + [OWSCountryMetadata countryMetadataWithName:@"Netherlands" tld:@".nl" frontingDomain:nil countryCode:@"NL"], + [OWSCountryMetadata countryMetadataWithName:@"Norway" tld:@".no" frontingDomain:nil countryCode:@"NO"], + [OWSCountryMetadata countryMetadataWithName:@"Nepal" tld:@".np" frontingDomain:nil countryCode:@"NP"], + [OWSCountryMetadata countryMetadataWithName:@"Nauru" tld:@".nr" frontingDomain:nil countryCode:@"NR"], + [OWSCountryMetadata countryMetadataWithName:@"Niue" tld:@".nu" frontingDomain:nil countryCode:@"NU"], + [OWSCountryMetadata countryMetadataWithName:@"New Zealand" tld:@".nz" frontingDomain:nil countryCode:@"NZ"], + [OWSCountryMetadata countryMetadataWithName:@"Oman" + tld:@".om" + frontingDomain:OWSCensorshipConfiguration_SouqFrontingHost + countryCode:@"OM"], + [OWSCountryMetadata countryMetadataWithName:@"Pakistan" tld:@".pk" frontingDomain:nil countryCode:@"PK"], + [OWSCountryMetadata countryMetadataWithName:@"Panama" tld:@".pa" frontingDomain:nil countryCode:@"PA"], + [OWSCountryMetadata countryMetadataWithName:@"Peru" tld:@".pe" frontingDomain:nil countryCode:@"PE"], + [OWSCountryMetadata countryMetadataWithName:@"Philippines" tld:@".ph" frontingDomain:nil countryCode:@"PH"], + [OWSCountryMetadata countryMetadataWithName:@"Poland" tld:@".pl" frontingDomain:nil countryCode:@"PL"], + [OWSCountryMetadata countryMetadataWithName:@"Papua New Guinea" + tld:@".pg" + frontingDomain:nil + countryCode:@"PG"], + [OWSCountryMetadata countryMetadataWithName:@"Pitcairn Islands" + tld:@".pn" + frontingDomain:nil + countryCode:@"PN"], + [OWSCountryMetadata countryMetadataWithName:@"Puerto Rico" tld:@".pr" frontingDomain:nil countryCode:@"PR"], + [OWSCountryMetadata countryMetadataWithName:@"Palestine[4]" + tld:@".ps" + frontingDomain:nil + countryCode:@"PS"], + [OWSCountryMetadata countryMetadataWithName:@"Portugal" tld:@".pt" frontingDomain:nil countryCode:@"PT"], + [OWSCountryMetadata countryMetadataWithName:@"Paraguay" tld:@".py" frontingDomain:nil countryCode:@"PY"], + [OWSCountryMetadata countryMetadataWithName:@"Qatar" + tld:@".qa" + frontingDomain:OWSCensorshipConfiguration_SouqFrontingHost + countryCode:@"QA"], + [OWSCountryMetadata countryMetadataWithName:@"Romania" tld:@".ro" frontingDomain:nil countryCode:@"RO"], + [OWSCountryMetadata countryMetadataWithName:@"Serbia" tld:@".rs" frontingDomain:nil countryCode:@"RS"], + [OWSCountryMetadata countryMetadataWithName:@"Russia" tld:@".ru" frontingDomain:nil countryCode:@"RU"], + [OWSCountryMetadata countryMetadataWithName:@"Rwanda" tld:@".rw" frontingDomain:nil countryCode:@"RW"], + [OWSCountryMetadata countryMetadataWithName:@"Saudi Arabia" + tld:@".sa" + frontingDomain:nil + countryCode:@"SA"], + [OWSCountryMetadata countryMetadataWithName:@"Solomon Islands" + tld:@".sb" + frontingDomain:nil + countryCode:@"SB"], + [OWSCountryMetadata countryMetadataWithName:@"Seychelles" tld:@".sc" frontingDomain:nil countryCode:@"SC"], + [OWSCountryMetadata countryMetadataWithName:@"Sweden" tld:@".se" frontingDomain:nil countryCode:@"SE"], + [OWSCountryMetadata countryMetadataWithName:@"Singapore" tld:@".sg" frontingDomain:nil countryCode:@"SG"], + [OWSCountryMetadata countryMetadataWithName:@"Saint Helena, Ascension and Tristan da Cunha" + tld:@".sh" + frontingDomain:nil + countryCode:@"SH"], + [OWSCountryMetadata countryMetadataWithName:@"Slovenia" tld:@".si" frontingDomain:nil countryCode:@"SI"], + [OWSCountryMetadata countryMetadataWithName:@"Slovakia" tld:@".sk" frontingDomain:nil countryCode:@"SK"], + [OWSCountryMetadata countryMetadataWithName:@"Sierra Leone" + tld:@".sl" + frontingDomain:nil + countryCode:@"SL"], + [OWSCountryMetadata countryMetadataWithName:@"Senegal" tld:@".sn" frontingDomain:nil countryCode:@"SN"], + [OWSCountryMetadata countryMetadataWithName:@"San Marino" tld:@".sm" frontingDomain:nil countryCode:@"SM"], + [OWSCountryMetadata countryMetadataWithName:@"Somalia" tld:@".so" frontingDomain:nil countryCode:@"SO"], + [OWSCountryMetadata countryMetadataWithName:@"São Tomé and Príncipe" + tld:@".st" + frontingDomain:nil + countryCode:@"ST"], + [OWSCountryMetadata countryMetadataWithName:@"Suriname" tld:@".sr" frontingDomain:nil countryCode:@"SR"], + [OWSCountryMetadata countryMetadataWithName:@"El Salvador" tld:@".sv" frontingDomain:nil countryCode:@"SV"], + [OWSCountryMetadata countryMetadataWithName:@"Chad" tld:@".td" frontingDomain:nil countryCode:@"TD"], + [OWSCountryMetadata countryMetadataWithName:@"Togo" tld:@".tg" frontingDomain:nil countryCode:@"TG"], + [OWSCountryMetadata countryMetadataWithName:@"Thailand" tld:@".th" frontingDomain:nil countryCode:@"TH"], + [OWSCountryMetadata countryMetadataWithName:@"Tajikistan" tld:@".tj" frontingDomain:nil countryCode:@"TJ"], + [OWSCountryMetadata countryMetadataWithName:@"Tokelau" tld:@".tk" frontingDomain:nil countryCode:@"TK"], + [OWSCountryMetadata countryMetadataWithName:@"Timor-Leste" tld:@".tl" frontingDomain:nil countryCode:@"TL"], + [OWSCountryMetadata countryMetadataWithName:@"Turkmenistan" + tld:@".tm" + frontingDomain:nil + countryCode:@"TM"], + [OWSCountryMetadata countryMetadataWithName:@"Tonga" tld:@".to" frontingDomain:nil countryCode:@"TO"], + [OWSCountryMetadata countryMetadataWithName:@"Tunisia" tld:@".tn" frontingDomain:nil countryCode:@"TN"], + [OWSCountryMetadata countryMetadataWithName:@"Turkey" tld:@".tr" frontingDomain:nil countryCode:@"TR"], + [OWSCountryMetadata countryMetadataWithName:@"Trinidad and Tobago" + tld:@".tt" + frontingDomain:nil + countryCode:@"TT"], + [OWSCountryMetadata countryMetadataWithName:@"Taiwan" tld:@".tw" frontingDomain:nil countryCode:@"TW"], + [OWSCountryMetadata countryMetadataWithName:@"Tanzania" tld:@".tz" frontingDomain:nil countryCode:@"TZ"], + [OWSCountryMetadata countryMetadataWithName:@"Ukraine" tld:@".ua" frontingDomain:nil countryCode:@"UA"], + [OWSCountryMetadata countryMetadataWithName:@"Uganda" tld:@".ug" frontingDomain:nil countryCode:@"UG"], + [OWSCountryMetadata countryMetadataWithName:@"United States" + tld:@".com" + frontingDomain:nil + countryCode:@"US"], + [OWSCountryMetadata countryMetadataWithName:@"Uruguay" tld:@".uy" frontingDomain:nil countryCode:@"UY"], + [OWSCountryMetadata countryMetadataWithName:@"Uzbekistan" tld:@".uz" frontingDomain:nil countryCode:@"UZ"], + [OWSCountryMetadata countryMetadataWithName:@"Saint Vincent and the Grenadines" + tld:@".vc" + frontingDomain:nil + countryCode:@"VC"], + [OWSCountryMetadata countryMetadataWithName:@"Venezuela" tld:@".ve" frontingDomain:nil countryCode:@"VE"], + [OWSCountryMetadata countryMetadataWithName:@"British Virgin Islands" + tld:@".vg" + frontingDomain:nil + countryCode:@"VG"], + [OWSCountryMetadata countryMetadataWithName:@"United States Virgin Islands" + tld:@".vi" + frontingDomain:nil + countryCode:@"VI"], + [OWSCountryMetadata countryMetadataWithName:@"Vietnam" tld:@".vn" frontingDomain:nil countryCode:@"VN"], + [OWSCountryMetadata countryMetadataWithName:@"Vanuatu" tld:@".vu" frontingDomain:nil countryCode:@"VU"], + [OWSCountryMetadata countryMetadataWithName:@"Samoa" tld:@".ws" frontingDomain:nil countryCode:@"WS"], + [OWSCountryMetadata countryMetadataWithName:@"South Africa" + tld:@".za" + frontingDomain:nil + countryCode:@"ZA"], + [OWSCountryMetadata countryMetadataWithName:@"Zambia" tld:@".zm" frontingDomain:nil countryCode:@"ZM"], + [OWSCountryMetadata countryMetadataWithName:@"Zimbabwe" tld:@".zw" frontingDomain:nil countryCode:@"ZW"], + ]; + cachedValue = [cachedValue sortedArrayUsingComparator:^NSComparisonResult( + OWSCountryMetadata *_Nonnull left, OWSCountryMetadata *_Nonnull right) { + return [left.localizedCountryName compare:right.localizedCountryName]; + }]; + }); + return cachedValue; +} + +@end + +NS_ASSUME_NONNULL_END diff --git a/SignalServiceKit/src/Network/OWSSignalService.h b/SignalServiceKit/src/Network/OWSSignalService.h index 98f7a07d4..16651b787 100644 --- a/SignalServiceKit/src/Network/OWSSignalService.h +++ b/SignalServiceKit/src/Network/OWSSignalService.h @@ -18,24 +18,16 @@ extern NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidCha /// For uploading avatar assets. @property (nonatomic, readonly) AFHTTPSessionManager *CDNSessionManager; -@property (atomic, readonly) BOOL isCensorshipCircumventionActive; - -@property (atomic, readonly) BOOL hasCensoredPhoneNumber; - + (instancetype)sharedInstance; - (instancetype)init NS_UNAVAILABLE; -- (BOOL)isCensorshipCircumventionManuallyActivated; -- (void)setIsCensorshipCircumventionManuallyActivated:(BOOL)value; +#pragma mark - Censorship Circumvention -#pragma mark - Censorship Circumvention Domain - -- (NSString *)manualCensorshipCircumventionDomain; -- (void)setManualCensorshipCircumventionDomain:(NSString *)value; - -- (NSString *)manualCensorshipCircumventionCountryCode; -- (void)setManualCensorshipCircumventionCountryCode:(NSString *)value; +@property (atomic, readonly) BOOL isCensorshipCircumventionActive; +@property (atomic, readonly) BOOL hasCensoredPhoneNumber; +@property (atomic) BOOL isCensorshipCircumventionManuallyActivated; +@property (atomic, nullable) NSString *manualCensorshipCircumventionCountryCode; @end diff --git a/SignalServiceKit/src/Network/OWSSignalService.m b/SignalServiceKit/src/Network/OWSSignalService.m index 4ca312055..ed77e603e 100644 --- a/SignalServiceKit/src/Network/OWSSignalService.m +++ b/SignalServiceKit/src/Network/OWSSignalService.m @@ -28,7 +28,7 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = @interface OWSSignalService () -@property (nonatomic, readonly) OWSCensorshipConfiguration *censorshipConfiguration; +@property (nonatomic, nullable, readonly) OWSCensorshipConfiguration *censorshipConfiguration; @property (atomic) BOOL hasCensoredPhoneNumber; @@ -59,8 +59,6 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = return self; } - _censorshipConfiguration = [OWSCensorshipConfiguration new]; - [self observeNotifications]; [self updateHasCensoredPhoneNumber]; @@ -93,7 +91,7 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = NSString *localNumber = [TSAccountManager localNumber]; if (localNumber) { - self.hasCensoredPhoneNumber = [self.censorshipConfiguration isCensoredPhoneNumber:localNumber]; + self.hasCensoredPhoneNumber = [OWSCensorshipConfiguration isCensoredPhoneNumber:localNumber]; } else { DDLogError(@"%@ no known phone number to check for censorship.", self.logTag); self.hasCensoredPhoneNumber = NO; @@ -152,7 +150,9 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = - (AFHTTPSessionManager *)signalServiceSessionManager { if (self.isCensorshipCircumventionActive) { - DDLogInfo(@"%@ using reflector HTTPSessionManager via: %@", self.logTag, self.domainFrontingBaseURL); + DDLogInfo(@"%@ using reflector HTTPSessionManager via: %@", + self.logTag, + self.censorshipConfiguration.domainFrontBaseURL); return self.reflectorSignalServiceSessionManager; } else { return self.defaultSignalServiceSessionManager; @@ -174,35 +174,16 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = return sessionManager; } -- (NSURL *)domainFrontingBaseURL -{ - NSString *localNumber = [TSAccountManager localNumber]; - OWSAssert(localNumber.length > 0); - - // Target fronting domain - OWSAssert(self.isCensorshipCircumventionActive); - - NSURL *baseURL; - - if (self.isCensorshipCircumventionManuallyActivated && self.manualCensorshipCircumventionDomain.length > 0) { - baseURL = [[NSURL alloc] initWithString:[NSString stringWithFormat:@"https://%@", self.manualCensorshipCircumventionDomain]]; - } - - if (baseURL == nil) { - baseURL = [[NSURL alloc] initWithString:[self.censorshipConfiguration frontingHost:localNumber]]; - } - - OWSAssert(baseURL); - return baseURL; -} - - (AFHTTPSessionManager *)reflectorSignalServiceSessionManager { + OWSCensorshipConfiguration *censorshipConfiguration = self.censorshipConfiguration; + NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration; AFHTTPSessionManager *sessionManager = - [[AFHTTPSessionManager alloc] initWithBaseURL:self.domainFrontingBaseURL sessionConfiguration:sessionConf]; - - sessionManager.securityPolicy = [[self class] googlePinningPolicy]; + [[AFHTTPSessionManager alloc] initWithBaseURL:censorshipConfiguration.domainFrontBaseURL + sessionConfiguration:sessionConf]; + + sessionManager.securityPolicy = censorshipConfiguration.domainFrontSecurityPolicy; sessionManager.requestSerializer = [AFJSONRequestSerializer serializer]; [sessionManager.requestSerializer setValue:self.censorshipConfiguration.signalServiceReflectorHost forHTTPHeaderField:@"Host"]; @@ -216,7 +197,9 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = - (AFHTTPSessionManager *)CDNSessionManager { if (self.isCensorshipCircumventionActive) { - DDLogInfo(@"%@ using reflector CDNSessionManager via: %@", self.logTag, self.domainFrontingBaseURL); + DDLogInfo(@"%@ using reflector CDNSessionManager via: %@", + self.logTag, + self.censorshipConfiguration.domainFrontBaseURL); return self.reflectorCDNSessionManager; } else { return self.defaultCDNSessionManager; @@ -243,86 +226,21 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = - (AFHTTPSessionManager *)reflectorCDNSessionManager { NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration; - AFHTTPSessionManager *sessionManager = - [[AFHTTPSessionManager alloc] initWithBaseURL:self.domainFrontingBaseURL sessionConfiguration:sessionConf]; - - sessionManager.securityPolicy = [[self class] googlePinningPolicy]; - - sessionManager.requestSerializer = [AFJSONRequestSerializer serializer]; - [sessionManager.requestSerializer setValue:self.censorshipConfiguration.CDNReflectorHost forHTTPHeaderField:@"Host"]; - - sessionManager.responseSerializer = [AFJSONResponseSerializer serializer]; - - return sessionManager; -} -#pragma mark - Google Pinning Policy - -+ (nullable NSData *)certificateDataWithName:(NSString *)name error:(NSError **)error -{ - if (!name.length) { - OWSFail(@"%@ expected name with length > 0", self.logTag); - *error = OWSErrorMakeAssertionError(); - return nil; - } + OWSCensorshipConfiguration *censorshipConfiguration = self.censorshipConfiguration; - NSBundle *bundle = [NSBundle bundleForClass:self.class]; - NSString *path = [bundle pathForResource:name ofType:@"crt"]; - if (![[NSFileManager defaultManager] fileExistsAtPath:path]) { - OWSFail(@"%@ Missing certificate for name: %@", self.logTag, name); - *error = OWSErrorMakeAssertionError(); - return nil; - } - - NSData *_Nullable certData = [NSData dataWithContentsOfFile:path options:0 error:error]; - - if (*error != nil) { - OWSFail(@"%@ Failed to read cert file with path: %@", self.logTag, path); - return nil; - } - - if (certData.length == 0) { - OWSFail(@"%@ empty certData for name: %@", self.logTag, name); - return nil; - } - - DDLogVerbose(@"%@ read cert data with name: %@ length: %lu", self.logTag, name, (unsigned long)certData.length); - return certData; -} - -/** - * We use the Google Pinning Policy when connecting to our censorship circumventing reflector, - * which is hosted on Google. - */ -+ (AFSecurityPolicy *)googlePinningPolicy -{ - static AFSecurityPolicy *securityPolicy = nil; - static dispatch_once_t onceToken; - dispatch_once(&onceToken, ^{ - - NSMutableSet *certificates = [NSMutableSet new]; + AFHTTPSessionManager *sessionManager = + [[AFHTTPSessionManager alloc] initWithBaseURL:censorshipConfiguration.domainFrontBaseURL + sessionConfiguration:sessionConf]; - // GIAG2 cert plus root certs from pki.goog - NSArray *certNames = @[ @"GIAG2", @"GSR2", @"GSR4", @"GTSR1", @"GTSR2", @"GTSR3", @"GTSR4" ]; + sessionManager.securityPolicy = censorshipConfiguration.domainFrontSecurityPolicy; - for (NSString *certName in certNames) { - NSError *error; - NSData *certData = [self certificateDataWithName:certName error:&error]; - if (error) { - DDLogError(@"%@ Failed to get %@ certificate data with error: %@", self.logTag, certName, error); - OWSRaiseException(@"OWSSignalService_UnableToReadCertificate", error.description); - } + sessionManager.requestSerializer = [AFJSONRequestSerializer serializer]; + [sessionManager.requestSerializer setValue:censorshipConfiguration.CDNReflectorHost forHTTPHeaderField:@"Host"]; - if (!certData) { - DDLogError(@"%@ No data for certificate: %@", self.logTag, certName); - OWSRaiseException(@"OWSSignalService_UnableToReadCertificate", error.description); - } - [certificates addObject:certData]; - } + sessionManager.responseSerializer = [AFJSONResponseSerializer serializer]; - securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate withPinnedCertificates:certificates]; - }); - return securityPolicy; + return sessionManager; } #pragma mark - Events @@ -339,27 +257,34 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = #pragma mark - Manual Censorship Circumvention -- (NSString *)manualCensorshipCircumventionDomain +- (nullable OWSCensorshipConfiguration *)censorshipConfiguration { - return [[OWSPrimaryStorage dbReadConnection] objectForKey:kOWSPrimaryStorage_ManualCensorshipCircumventionDomain - inCollection:kOWSPrimaryStorage_OWSSignalService]; -} + if (self.isCensorshipCircumventionManuallyActivated) { + NSString *countryCode = self.manualCensorshipCircumventionCountryCode; + if (countryCode.length == 0) { + OWSFail(@"%@ manualCensorshipCircumventionCountryCode was unexpectedly 0", self.logTag); + } -- (void)setManualCensorshipCircumventionDomain:(NSString *)value -{ - [[OWSPrimaryStorage dbReadWriteConnection] setObject:value - forKey:kOWSPrimaryStorage_ManualCensorshipCircumventionDomain - inCollection:kOWSPrimaryStorage_OWSSignalService]; + OWSCensorshipConfiguration *configuration = + [OWSCensorshipConfiguration censorshipConfigurationWithCountryCode:countryCode]; + OWSAssert(configuration); + + return configuration; + } + + OWSCensorshipConfiguration *configuration = + [OWSCensorshipConfiguration censorshipConfigurationWithPhoneNumber:TSAccountManager.localNumber]; + return configuration; } -- (NSString *)manualCensorshipCircumventionCountryCode +- (nullable NSString *)manualCensorshipCircumventionCountryCode { return [[OWSPrimaryStorage dbReadConnection] objectForKey:kOWSPrimaryStorage_ManualCensorshipCircumventionCountryCode inCollection:kOWSPrimaryStorage_OWSSignalService]; } -- (void)setManualCensorshipCircumventionCountryCode:(NSString *)value +- (void)setManualCensorshipCircumventionCountryCode:(nullable NSString *)value { [[OWSPrimaryStorage dbReadWriteConnection] setObject:value forKey:kOWSPrimaryStorage_ManualCensorshipCircumventionCountryCode diff --git a/SignalServiceKit/src/TSConstants.h b/SignalServiceKit/src/TSConstants.h index d80ff8e2d..3ec11cbce 100644 --- a/SignalServiceKit/src/TSConstants.h +++ b/SignalServiceKit/src/TSConstants.h @@ -23,8 +23,9 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) { #define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/" #define textSecureServerURL @"https://textsecure-service.whispersystems.org/" #define textSecureCDNServerURL @"https://cdn.signal.org" -#define textSecureServiceReflectorHost @"signal-reflector-meek.appspot.com" -#define textSecureCDNReflectorHost @"signal-cdn-reflector.appspot.com" +// Use same reflector for service and CDN +#define textSecureServiceReflectorHost @"textsecure-service-reflected.whispersystems.org" +#define textSecureCDNReflectorHost @"textsecure-service-reflected.whispersystems.org" //#else //