2016-12-29 20:54:05 -08:00
|
|
|
package org.thoughtcrime.securesms.push;
|
|
|
|
|
|
|
|
|
|
|
|
import android.content.Context;
|
2020-08-19 10:06:26 +10:00
|
|
|
import androidx.annotation.Nullable;
|
2016-12-29 20:54:05 -08:00
|
|
|
|
|
|
|
import org.thoughtcrime.securesms.util.TextSecurePreferences;
|
|
|
|
import org.whispersystems.signalservice.api.push.TrustStore;
|
2017-08-08 16:37:15 -07:00
|
|
|
import org.whispersystems.signalservice.internal.configuration.SignalCdnUrl;
|
2018-07-18 08:27:05 -07:00
|
|
|
import org.whispersystems.signalservice.internal.configuration.SignalContactDiscoveryUrl;
|
2017-08-08 16:37:15 -07:00
|
|
|
import org.whispersystems.signalservice.internal.configuration.SignalServiceConfiguration;
|
|
|
|
import org.whispersystems.signalservice.internal.configuration.SignalServiceUrl;
|
2016-12-29 20:54:05 -08:00
|
|
|
|
|
|
|
import java.util.HashMap;
|
|
|
|
import java.util.Map;
|
|
|
|
|
2019-07-24 12:30:23 +10:00
|
|
|
import network.loki.messenger.BuildConfig;
|
2017-01-11 15:37:51 -08:00
|
|
|
import okhttp3.CipherSuite;
|
|
|
|
import okhttp3.ConnectionSpec;
|
|
|
|
import okhttp3.TlsVersion;
|
|
|
|
|
2016-12-29 20:54:05 -08:00
|
|
|
public class SignalServiceNetworkAccess {
|
|
|
|
|
2018-05-22 02:13:10 -07:00
|
|
|
@SuppressWarnings("unused")
|
2018-12-06 12:14:20 -08:00
|
|
|
private static final String TAG = SignalServiceNetworkAccess.class.getSimpleName();
|
2016-12-29 20:54:05 -08:00
|
|
|
|
2018-03-27 14:22:56 -07:00
|
|
|
private static final String COUNTRY_CODE_EGYPT = "+20";
|
|
|
|
private static final String COUNTRY_CODE_UAE = "+971";
|
|
|
|
private static final String COUNTRY_CODE_OMAN = "+968";
|
|
|
|
private static final String COUNTRY_CODE_QATAR = "+974";
|
2016-12-29 20:54:05 -08:00
|
|
|
|
2019-04-03 20:56:21 -04:00
|
|
|
private static final String SERVICE_REFLECTOR_HOST = "europe-west1-signal-cdn-reflector.cloudfunctions.net";
|
2017-01-11 15:37:51 -08:00
|
|
|
|
2019-04-03 20:56:21 -04:00
|
|
|
private static final ConnectionSpec GMAPS_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
|
|
|
|
.tlsVersions(TlsVersion.TLS_1_2)
|
|
|
|
.cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
|
|
|
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
|
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
|
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
|
CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
|
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA)
|
|
|
|
.supportsTlsExtensions(true)
|
|
|
|
.build();
|
|
|
|
|
|
|
|
private static final ConnectionSpec GMAIL_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
|
|
|
|
.tlsVersions(TlsVersion.TLS_1_2)
|
|
|
|
.cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
|
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
|
CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA)
|
|
|
|
.supportsTlsExtensions(true)
|
|
|
|
.build();
|
|
|
|
|
|
|
|
private static final ConnectionSpec PLAY_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
|
2017-01-11 15:37:51 -08:00
|
|
|
.tlsVersions(TlsVersion.TLS_1_2)
|
|
|
|
.cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
|
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
|
CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
|
2018-03-27 14:22:56 -07:00
|
|
|
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA)
|
2017-01-11 15:37:51 -08:00
|
|
|
.supportsTlsExtensions(true)
|
|
|
|
.build();
|
|
|
|
|
2019-04-03 20:56:21 -04:00
|
|
|
|
2017-08-08 16:37:15 -07:00
|
|
|
private final Map<String, SignalServiceConfiguration> censorshipConfiguration;
|
|
|
|
private final String[] censoredCountries;
|
|
|
|
private final SignalServiceConfiguration uncensoredConfiguration;
|
2016-12-29 20:54:05 -08:00
|
|
|
|
|
|
|
public SignalServiceNetworkAccess(Context context) {
|
2019-04-03 20:56:21 -04:00
|
|
|
|
|
|
|
final TrustStore trustStore = new DomainFrontingTrustStore(context);
|
2019-04-12 19:33:20 -04:00
|
|
|
final SignalServiceUrl baseGoogleService = new SignalServiceUrl("https://www.google.com/service", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalServiceUrl baseAndroidService = new SignalServiceUrl("https://android.clients.google.com/service", SERVICE_REFLECTOR_HOST, trustStore, PLAY_CONNECTION_SPEC);
|
|
|
|
final SignalServiceUrl mapsOneAndroidService = new SignalServiceUrl("https://clients3.google.com/service", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
|
|
|
|
final SignalServiceUrl mapsTwoAndroidService = new SignalServiceUrl("https://clients4.google.com/service", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
|
|
|
|
final SignalServiceUrl mailAndroidService = new SignalServiceUrl("https://inbox.google.com/service", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalServiceUrl egyptGoogleService = new SignalServiceUrl("https://www.google.com.eg/service", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalServiceUrl uaeGoogleService = new SignalServiceUrl("https://www.google.com.ae/service", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalServiceUrl omanGoogleService = new SignalServiceUrl("https://www.google.com.om/service", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalServiceUrl qatarGoogleService = new SignalServiceUrl("https://www.google.com.qa/service", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
|
|
|
|
final SignalCdnUrl baseGoogleCdn = new SignalCdnUrl("https://www.google.com/cdn", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalCdnUrl baseAndroidCdn = new SignalCdnUrl("https://android.clients.google.com/cdn", SERVICE_REFLECTOR_HOST, trustStore, PLAY_CONNECTION_SPEC);
|
|
|
|
final SignalCdnUrl mapsOneAndroidCdn = new SignalCdnUrl("https://clients3.google.com/cdn", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
|
|
|
|
final SignalCdnUrl mapsTwoAndroidCdn = new SignalCdnUrl("https://clients4.google.com/cdn", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
|
|
|
|
final SignalCdnUrl mailAndroidCdn = new SignalCdnUrl("https://inbox.google.com/cdn", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalCdnUrl egyptGoogleCdn = new SignalCdnUrl("https://www.google.com.eg/cdn", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalCdnUrl uaeGoogleCdn = new SignalCdnUrl("https://www.google.com.ae/cdn", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalCdnUrl omanGoogleCdn = new SignalCdnUrl("https://www.google.com.om/cdn", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalCdnUrl qatarGoogleCdn = new SignalCdnUrl("https://www.google.com.qa/cdn", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
|
|
|
|
final SignalContactDiscoveryUrl baseGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com/directory", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalContactDiscoveryUrl baseAndroidDiscovery = new SignalContactDiscoveryUrl("https://android.clients.google.com/directory", SERVICE_REFLECTOR_HOST, trustStore, PLAY_CONNECTION_SPEC);
|
|
|
|
final SignalContactDiscoveryUrl mapsOneAndroidDiscovery = new SignalContactDiscoveryUrl("https://clients3.google.com/directory", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
|
|
|
|
final SignalContactDiscoveryUrl mapsTwoAndroidDiscovery = new SignalContactDiscoveryUrl("https://clients4.google.com/directory", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
|
|
|
|
final SignalContactDiscoveryUrl mailAndroidDiscovery = new SignalContactDiscoveryUrl("https://inbox.google.com/directory", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalContactDiscoveryUrl egyptGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.eg/directory", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalContactDiscoveryUrl uaeGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.ae/directory", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalContactDiscoveryUrl omanGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.om/directory", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
|
|
|
final SignalContactDiscoveryUrl qatarGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.qa/directory", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
|
2019-04-03 20:56:21 -04:00
|
|
|
|
2016-12-29 20:54:05 -08:00
|
|
|
|
2017-08-08 16:37:15 -07:00
|
|
|
this.censorshipConfiguration = new HashMap<String, SignalServiceConfiguration>() {{
|
2019-04-03 20:56:21 -04:00
|
|
|
put(COUNTRY_CODE_EGYPT, new SignalServiceConfiguration(new SignalServiceUrl[] {egyptGoogleService, baseGoogleService, baseAndroidService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService},
|
|
|
|
new SignalCdnUrl[] {egyptGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn, mailAndroidCdn},
|
|
|
|
new SignalContactDiscoveryUrl[] {egyptGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery}));
|
|
|
|
|
|
|
|
put(COUNTRY_CODE_UAE, new SignalServiceConfiguration(new SignalServiceUrl[] {uaeGoogleService, baseAndroidService, baseGoogleService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService},
|
|
|
|
new SignalCdnUrl[] {uaeGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn},
|
|
|
|
new SignalContactDiscoveryUrl[] {uaeGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery}));
|
|
|
|
|
|
|
|
put(COUNTRY_CODE_OMAN, new SignalServiceConfiguration(new SignalServiceUrl[] {omanGoogleService, baseAndroidService, baseGoogleService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService},
|
|
|
|
new SignalCdnUrl[] {omanGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn},
|
|
|
|
new SignalContactDiscoveryUrl[] {omanGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery}));
|
|
|
|
|
|
|
|
|
|
|
|
put(COUNTRY_CODE_QATAR, new SignalServiceConfiguration(new SignalServiceUrl[] {qatarGoogleService, baseAndroidService, baseGoogleService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService},
|
|
|
|
new SignalCdnUrl[] {qatarGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn},
|
|
|
|
new SignalContactDiscoveryUrl[] {qatarGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery}));
|
2016-12-29 20:54:05 -08:00
|
|
|
}};
|
|
|
|
|
2017-08-08 16:37:15 -07:00
|
|
|
this.uncensoredConfiguration = new SignalServiceConfiguration(new SignalServiceUrl[] {new SignalServiceUrl(BuildConfig.SIGNAL_URL, new SignalServiceTrustStore(context))},
|
2018-07-18 08:27:05 -07:00
|
|
|
new SignalCdnUrl[] {new SignalCdnUrl(BuildConfig.SIGNAL_CDN_URL, new SignalServiceTrustStore(context))},
|
|
|
|
new SignalContactDiscoveryUrl[] {new SignalContactDiscoveryUrl(BuildConfig.SIGNAL_CONTACT_DISCOVERY_URL, new SignalServiceTrustStore(context))});
|
2016-12-29 20:54:05 -08:00
|
|
|
|
|
|
|
this.censoredCountries = this.censorshipConfiguration.keySet().toArray(new String[0]);
|
|
|
|
}
|
|
|
|
|
2017-08-08 16:37:15 -07:00
|
|
|
public SignalServiceConfiguration getConfiguration(Context context) {
|
2016-12-29 20:54:05 -08:00
|
|
|
String localNumber = TextSecurePreferences.getLocalNumber(context);
|
|
|
|
return getConfiguration(localNumber);
|
|
|
|
}
|
|
|
|
|
2017-08-08 16:37:15 -07:00
|
|
|
public SignalServiceConfiguration getConfiguration(@Nullable String localNumber) {
|
2017-01-11 15:37:51 -08:00
|
|
|
if (localNumber == null) return this.uncensoredConfiguration;
|
|
|
|
|
2016-12-29 20:54:05 -08:00
|
|
|
for (String censoredRegion : this.censoredCountries) {
|
|
|
|
if (localNumber.startsWith(censoredRegion)) {
|
|
|
|
return this.censorshipConfiguration.get(censoredRegion);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return this.uncensoredConfiguration;
|
|
|
|
}
|
|
|
|
|
|
|
|
public boolean isCensored(Context context) {
|
|
|
|
return getConfiguration(context) != this.uncensoredConfiguration;
|
|
|
|
}
|
|
|
|
|
2017-01-11 15:37:51 -08:00
|
|
|
public boolean isCensored(String number) {
|
|
|
|
return getConfiguration(number) != this.uncensoredConfiguration;
|
|
|
|
}
|
|
|
|
|
2016-12-29 20:54:05 -08:00
|
|
|
}
|