diff --git a/res/raw/censorship_fronting.store b/res/raw/censorship_fronting.store
index 88b3f43762..f91af9fa04 100644
Binary files a/res/raw/censorship_fronting.store and b/res/raw/censorship_fronting.store differ
diff --git a/src/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.java b/src/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.java
index ad97b96da9..bfcfbb687d 100644
--- a/src/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.java
+++ b/src/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.java
@@ -29,43 +29,111 @@ public class SignalServiceNetworkAccess { private static final String COUNTRY_CODE_OMAN = "+968"; private static final String COUNTRY_CODE_QATAR = "+974"; - private static final String SERVICE_REFLECTOR_HOST = "textsecure-service-reflected.whispersystems.org"; + private static final String SERVICE_REFLECTOR_HOST = "europe-west1-signal-cdn-reflector.cloudfunctions.net"; - private static final ConnectionSpec SOUQ_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + private static final ConnectionSpec GMAPS_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_2) + .cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256, + CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384, + CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA) + .supportsTlsExtensions(true) + .build(); + + private static final ConnectionSpec GMAIL_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) .tlsVersions(TlsVersion.TLS_1_2) .cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - 
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA, CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA) .supportsTlsExtensions(true) .build(); + private static final ConnectionSpec PLAY_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) + .tlsVersions(TlsVersion.TLS_1_2) + .cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256, + CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA) + .supportsTlsExtensions(true) + .build(); + + private final Map censorshipConfiguration; private final String[] censoredCountries; private final SignalServiceConfiguration uncensoredConfiguration; public SignalServiceNetworkAccess(Context context) { - final TrustStore trustStore = new DomainFrontingTrustStore(context); - final SignalServiceUrl service = new SignalServiceUrl("https://cms.souqcdn.com", SERVICE_REFLECTOR_HOST, trustStore, SOUQ_CONNECTION_SPEC); - final SignalCdnUrl serviceCdn = new SignalCdnUrl("https://cms.souqcdn.com", SERVICE_REFLECTOR_HOST, trustStore, SOUQ_CONNECTION_SPEC); - final SignalContactDiscoveryUrl serviceContact = new SignalContactDiscoveryUrl("https://cms.souqcdn.com", SERVICE_REFLECTOR_HOST, trustStore, SOUQ_CONNECTION_SPEC); - final SignalServiceConfiguration serviceConfig = new SignalServiceConfiguration(new SignalServiceUrl[] { service }, - new SignalCdnUrl[] { serviceCdn }, - new SignalContactDiscoveryUrl[] { serviceContact }); + + final TrustStore trustStore = new DomainFrontingTrustStore(context); + final SignalServiceUrl baseGoogleService = new 
SignalServiceUrl("https://www.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalServiceUrl baseAndroidService = new SignalServiceUrl("https://android.clients.google.com", SERVICE_REFLECTOR_HOST, trustStore, PLAY_CONNECTION_SPEC); + final SignalServiceUrl mapsOneAndroidService = new SignalServiceUrl("https://clients3.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC); + final SignalServiceUrl mapsTwoAndroidService = new SignalServiceUrl("https://clients4.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC); + final SignalServiceUrl mailAndroidService = new SignalServiceUrl("https://inbox.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalServiceUrl egyptGoogleService = new SignalServiceUrl("https://www.google.com.eg", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalServiceUrl uaeGoogleService = new SignalServiceUrl("https://www.google.com.ae", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalServiceUrl omanGoogleService = new SignalServiceUrl("https://www.google.com.om", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalServiceUrl qatarGoogleService = new SignalServiceUrl("https://www.google.com.qa", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + + final SignalCdnUrl baseGoogleCdn = new SignalCdnUrl("https://www.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalCdnUrl baseAndroidCdn = new SignalCdnUrl("https://android.clients.google.com", SERVICE_REFLECTOR_HOST, trustStore, PLAY_CONNECTION_SPEC); + final SignalCdnUrl mapsOneAndroidCdn = new SignalCdnUrl("https://clients3.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC); + final SignalCdnUrl mapsTwoAndroidCdn = new SignalCdnUrl("https://clients4.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC); + final SignalCdnUrl mailAndroidCdn = new 
SignalCdnUrl("https://inbox.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalCdnUrl egyptGoogleCdn = new SignalCdnUrl("https://www.google.com.eg", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalCdnUrl uaeGoogleCdn = new SignalCdnUrl("https://www.google.com.ae", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalCdnUrl omanGoogleCdn = new SignalCdnUrl("https://www.google.com.om", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalCdnUrl qatarGoogleCdn = new SignalCdnUrl("https://www.google.com.qa", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + + final SignalContactDiscoveryUrl baseGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalContactDiscoveryUrl baseAndroidDiscovery = new SignalContactDiscoveryUrl("https://android.clients.google.com", SERVICE_REFLECTOR_HOST, trustStore, PLAY_CONNECTION_SPEC); + final SignalContactDiscoveryUrl mapsOneAndroidDiscovery = new SignalContactDiscoveryUrl("https://clients3.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC); + final SignalContactDiscoveryUrl mapsTwoAndroidDiscovery = new SignalContactDiscoveryUrl("https://clients4.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC); + final SignalContactDiscoveryUrl mailAndroidDiscovery = new SignalContactDiscoveryUrl("https://inbox.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalContactDiscoveryUrl egyptGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.eg", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalContactDiscoveryUrl uaeGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.ae", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalContactDiscoveryUrl omanGoogleDiscovery = new 
SignalContactDiscoveryUrl("https://www.google.com.om", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + final SignalContactDiscoveryUrl qatarGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.qa", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC); + this.censorshipConfiguration = new HashMap() {{ - put(COUNTRY_CODE_EGYPT, serviceConfig); - put(COUNTRY_CODE_UAE, serviceConfig); - put(COUNTRY_CODE_OMAN, serviceConfig); - put(COUNTRY_CODE_QATAR, serviceConfig); + put(COUNTRY_CODE_EGYPT, new SignalServiceConfiguration(new SignalServiceUrl[] {egyptGoogleService, baseGoogleService, baseAndroidService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService}, + new SignalCdnUrl[] {egyptGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn, mailAndroidCdn}, + new SignalContactDiscoveryUrl[] {egyptGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery})); + + put(COUNTRY_CODE_UAE, new SignalServiceConfiguration(new SignalServiceUrl[] {uaeGoogleService, baseAndroidService, baseGoogleService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService}, + new SignalCdnUrl[] {uaeGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn}, + new SignalContactDiscoveryUrl[] {uaeGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery})); + + put(COUNTRY_CODE_OMAN, new SignalServiceConfiguration(new SignalServiceUrl[] {omanGoogleService, baseAndroidService, baseGoogleService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService}, + new SignalCdnUrl[] {omanGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn}, + new SignalContactDiscoveryUrl[] {omanGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, 
mapsTwoAndroidDiscovery, mailAndroidDiscovery})); + + + put(COUNTRY_CODE_QATAR, new SignalServiceConfiguration(new SignalServiceUrl[] {qatarGoogleService, baseAndroidService, baseGoogleService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService}, + new SignalCdnUrl[] {qatarGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn}, + new SignalContactDiscoveryUrl[] {qatarGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery})); }}; this.uncensoredConfiguration = new SignalServiceConfiguration(new SignalServiceUrl[] {new SignalServiceUrl(BuildConfig.SIGNAL_URL, new SignalServiceTrustStore(context))},
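Review bot: The `SignalCdnUrl[]` passed for `COUNTRY_CODE_EGYPT` lists `mailAndroidCdn` twice, and its service array puts `baseGoogleService` before `baseAndroidService` while the UAE, Oman and Qatar entries use the opposite order; if the client picks hosts from these arrays at random or in sequence, Egypt would behave differently from the other three with no stated reason. Unless that is intended, the Egypt CDN line should end `mapsTwoAndroidCdn, mailAndroidCdn},` like the others. The three new connection specs also offer static-RSA and CBC-SHA suites, which give no forward secrecy, presumably so the handshake resembles the Google client each spec is named after; a comment above them such as `// Suite list mirrors the fronted client's handshake; do not reuse these specs for non-fronted connections` would keep a later cleanup or copy-paste from going wrong. `GMAIL_CONNECTION_SPEC` and `PLAY_CONNECTION_SPEC` are identical as written, so one could reference the other, or the comment should say why both exist. The constructor body continues past the end of this hunk.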