Add censorship circumvention support for KBS and Storage Service
This commit is contained in:
parent
37ead70db4
commit
e737e0aa73
@ -636,8 +636,8 @@ NSString *const kProfileView_LastPresentedDate = @"kProfileView_LastPresentedDat
|
||||
OWSAssertIsOnMainThread();
|
||||
OWSLogVerbose(@"");
|
||||
|
||||
// If the user already has a pin or censorship circumvention is enabled, just go home
|
||||
if ([OWS2FAManager sharedManager].is2FAEnabled || OWSSignalService.sharedInstance.isCensorshipCircumventionActive) {
|
||||
// If the user already has a pin, just go home
|
||||
if ([OWS2FAManager sharedManager].is2FAEnabled) {
|
||||
return [self showConversationSplitView];
|
||||
}
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
//
|
||||
// Copyright (c) 2019 Open Whisper Systems. All rights reserved.
|
||||
// Copyright (c) 2020 Open Whisper Systems. All rights reserved.
|
||||
//
|
||||
|
||||
NS_ASSUME_NONNULL_BEGIN
|
||||
@ -23,8 +23,6 @@ extern NSString *const OWSFrontingHost_GoogleQatar;
|
||||
|
||||
+ (BOOL)isCensoredPhoneNumber:(NSString *)e164PhoneNumber;
|
||||
|
||||
@property (nonatomic, readonly) NSString *signalServiceReflectorHost;
|
||||
@property (nonatomic, readonly) NSString *CDNReflectorHost;
|
||||
@property (nonatomic, readonly) NSURL *domainFrontBaseURL;
|
||||
@property (nonatomic, readonly) AFSecurityPolicy *domainFrontSecurityPolicy;
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
//
|
||||
// Copyright (c) 2019 Open Whisper Systems. All rights reserved.
|
||||
// Copyright (c) 2020 Open Whisper Systems. All rights reserved.
|
||||
//
|
||||
|
||||
#import "OWSCensorshipConfiguration.h"
|
||||
@ -79,18 +79,6 @@ NSString *const OWSFrontingHost_Default = @"www.google.com";
|
||||
return self;
|
||||
}
|
||||
|
||||
// MARK: Public Getters
|
||||
|
||||
- (NSString *)signalServiceReflectorHost
|
||||
{
|
||||
return TSConstants.textSecureServiceReflectorHost;
|
||||
}
|
||||
|
||||
- (NSString *)CDNReflectorHost
|
||||
{
|
||||
return TSConstants.textSecureCDNReflectorHost;
|
||||
}
|
||||
|
||||
// MARK: Util
|
||||
|
||||
+ (NSDictionary<NSString *, NSString *> *)censoredCountryCodes
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
//
|
||||
// Copyright (c) 2019 Open Whisper Systems. All rights reserved.
|
||||
// Copyright (c) 2020 Open Whisper Systems. All rights reserved.
|
||||
//
|
||||
|
||||
#import "OWSSignalService.h"
|
||||
@ -240,7 +240,7 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange =
|
||||
sessionManager.securityPolicy = censorshipConfiguration.domainFrontSecurityPolicy;
|
||||
|
||||
sessionManager.requestSerializer = [AFJSONRequestSerializer serializer];
|
||||
[sessionManager.requestSerializer setValue:censorshipConfiguration.signalServiceReflectorHost
|
||||
[sessionManager.requestSerializer setValue:TSConstants.censorshipReflectorHost
|
||||
forHTTPHeaderField:@"Host"];
|
||||
sessionManager.responseSerializer = [AFJSONResponseSerializer serializer];
|
||||
// Disable default cookie handling for all requests.
|
||||
@ -296,7 +296,7 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange =
|
||||
sessionManager.securityPolicy = censorshipConfiguration.domainFrontSecurityPolicy;
|
||||
|
||||
sessionManager.requestSerializer = [AFJSONRequestSerializer serializer];
|
||||
[sessionManager.requestSerializer setValue:censorshipConfiguration.CDNReflectorHost forHTTPHeaderField:@"Host"];
|
||||
[sessionManager.requestSerializer setValue:TSConstants.censorshipReflectorHost forHTTPHeaderField:@"Host"];
|
||||
|
||||
sessionManager.responseSerializer = [AFJSONResponseSerializer serializer];
|
||||
|
||||
@ -306,6 +306,21 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange =
|
||||
#pragma mark - Storage Service
|
||||
|
||||
- (AFHTTPSessionManager *)storageServiceSessionManager
|
||||
{
|
||||
AFHTTPSessionManager *result;
|
||||
if (self.isCensorshipCircumventionActive) {
|
||||
OWSCensorshipConfiguration *censorshipConfiguration = [self buildCensorshipConfiguration];
|
||||
OWSLogInfo(@"using reflector storageServiceSessionManager via: %@", censorshipConfiguration.domainFrontBaseURL);
|
||||
result = [self reflectorStorageServiceSessionManagerWithCensorshipConfiguration:censorshipConfiguration];
|
||||
} else {
|
||||
result = self.defaultStorageServiceSessionManager;
|
||||
}
|
||||
// By default, CDN content should be binary.
|
||||
result.responseSerializer = [AFHTTPResponseSerializer serializer];
|
||||
return result;
|
||||
}
|
||||
|
||||
- (AFHTTPSessionManager *)defaultStorageServiceSessionManager
|
||||
{
|
||||
NSURL *baseURL = [[NSURL alloc] initWithString:TSConstants.storageServiceURL];
|
||||
OWSAssertDebug(baseURL);
|
||||
@ -324,6 +339,26 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange =
|
||||
return sessionManager;
|
||||
}
|
||||
|
||||
- (AFHTTPSessionManager *)reflectorStorageServiceSessionManagerWithCensorshipConfiguration:
|
||||
(OWSCensorshipConfiguration *)censorshipConfiguration
|
||||
{
|
||||
NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration;
|
||||
|
||||
NSURL *frontingURL = censorshipConfiguration.domainFrontBaseURL;
|
||||
NSURL *baseURL = [frontingURL URLByAppendingPathComponent:TSConstants.storageServiceCensorshipPrefix];
|
||||
AFHTTPSessionManager *sessionManager =
|
||||
[[AFHTTPSessionManager alloc] initWithBaseURL:baseURL sessionConfiguration:sessionConf];
|
||||
|
||||
sessionManager.securityPolicy = censorshipConfiguration.domainFrontSecurityPolicy;
|
||||
|
||||
sessionManager.requestSerializer = [AFJSONRequestSerializer serializer];
|
||||
[sessionManager.requestSerializer setValue:TSConstants.censorshipReflectorHost forHTTPHeaderField:@"Host"];
|
||||
|
||||
sessionManager.responseSerializer = [AFJSONResponseSerializer serializer];
|
||||
|
||||
return sessionManager;
|
||||
}
|
||||
|
||||
#pragma mark - Events
|
||||
|
||||
- (void)registrationStateDidChange:(NSNotification *)notification
|
||||
|
||||
@ -6,17 +6,18 @@ private protocol TSConstantsProtocol: class {
|
||||
var textSecureWebSocketAPI: String { get }
|
||||
var textSecureServerURL: String { get }
|
||||
var textSecureCDNServerURL: String { get }
|
||||
var textSecureServiceReflectorHost: String { get }
|
||||
var textSecureCDNReflectorHost: String { get }
|
||||
var contactDiscoveryURL: String { get }
|
||||
var keyBackupURL: String { get }
|
||||
var storageServiceURL: String { get }
|
||||
var kUDTrustRoot: String { get }
|
||||
|
||||
var censorshipReflectorHost: String { get }
|
||||
|
||||
var serviceCensorshipPrefix: String { get }
|
||||
var cdnCensorshipPrefix: String { get }
|
||||
var contactDiscoveryCensorshipPrefix: String { get }
|
||||
var keyBackupCensorshipPrefix: String { get }
|
||||
var storageServiceCensorshipPrefix: String { get }
|
||||
|
||||
var contactDiscoveryEnclaveName: String { get }
|
||||
var contactDiscoveryMrEnclave: String { get }
|
||||
@ -48,10 +49,6 @@ public class TSConstants: NSObject {
|
||||
@objc
|
||||
public static var textSecureCDNServerURL: String { return shared.textSecureCDNServerURL }
|
||||
@objc
|
||||
public static var textSecureServiceReflectorHost: String { return shared.textSecureServiceReflectorHost }
|
||||
@objc
|
||||
public static var textSecureCDNReflectorHost: String { return shared.textSecureCDNReflectorHost }
|
||||
@objc
|
||||
public static var contactDiscoveryURL: String { return shared.contactDiscoveryURL }
|
||||
@objc
|
||||
public static var keyBackupURL: String { return shared.keyBackupURL }
|
||||
@ -60,6 +57,9 @@ public class TSConstants: NSObject {
|
||||
@objc
|
||||
public static var kUDTrustRoot: String { return shared.kUDTrustRoot }
|
||||
|
||||
@objc
|
||||
public static var censorshipReflectorHost: String { return shared.censorshipReflectorHost }
|
||||
|
||||
@objc
|
||||
public static var serviceCensorshipPrefix: String { return shared.serviceCensorshipPrefix }
|
||||
@objc
|
||||
@ -68,6 +68,8 @@ public class TSConstants: NSObject {
|
||||
public static var contactDiscoveryCensorshipPrefix: String { return shared.contactDiscoveryCensorshipPrefix }
|
||||
@objc
|
||||
public static var keyBackupCensorshipPrefix: String { return shared.keyBackupCensorshipPrefix }
|
||||
@objc
|
||||
public static var storageServiceCensorshipPrefix: String { return shared.storageServiceCensorshipPrefix }
|
||||
|
||||
@objc
|
||||
public static var contactDiscoveryEnclaveName: String { return shared.contactDiscoveryEnclaveName }
|
||||
@ -145,18 +147,18 @@ private class TSConstantsProduction: TSConstantsProtocol {
|
||||
public let textSecureWebSocketAPI = "wss://textsecure-service.whispersystems.org/v1/websocket/"
|
||||
public let textSecureServerURL = "https://textsecure-service.whispersystems.org/"
|
||||
public let textSecureCDNServerURL = "https://cdn.signal.org"
|
||||
// Use same reflector for service and CDN
|
||||
public let textSecureServiceReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net"
|
||||
public let textSecureCDNReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net"
|
||||
public let contactDiscoveryURL = "https://api.directory.signal.org"
|
||||
public let keyBackupURL = "https://api.backup.signal.org"
|
||||
public let storageServiceURL = "https://storage.signal.org"
|
||||
public let kUDTrustRoot = "BXu6QIKVz5MA8gstzfOgRQGqyLqOwNKHL6INkv3IHWMF"
|
||||
|
||||
public let censorshipReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net"
|
||||
|
||||
public let serviceCensorshipPrefix = "service"
|
||||
public let cdnCensorshipPrefix = "cdn"
|
||||
public let contactDiscoveryCensorshipPrefix = "directory"
|
||||
public let keyBackupCensorshipPrefix = "backup"
|
||||
public let storageServiceCensorshipPrefix = "storage"
|
||||
|
||||
public let contactDiscoveryEnclaveName = "cd6cfc342937b23b1bdd3bbf9721aa5615ac9ff50a75c5527d441cd3276826c9"
|
||||
public var contactDiscoveryMrEnclave: String {
|
||||
@ -185,17 +187,18 @@ private class TSConstantsStaging: TSConstantsProtocol {
|
||||
public let textSecureWebSocketAPI = "wss://textsecure-service-staging.whispersystems.org/v1/websocket/"
|
||||
public let textSecureServerURL = "https://textsecure-service-staging.whispersystems.org/"
|
||||
public let textSecureCDNServerURL = "https://cdn-staging.signal.org"
|
||||
public let textSecureServiceReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net"
|
||||
public let textSecureCDNReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net"
|
||||
public let contactDiscoveryURL = "https://api-staging.directory.signal.org"
|
||||
public let keyBackupURL = "https://api-staging.backup.signal.org"
|
||||
public let storageServiceURL = "https://storage-staging.signal.org"
|
||||
public let kUDTrustRoot = "BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx"
|
||||
|
||||
public let censorshipReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net"
|
||||
|
||||
public let serviceCensorshipPrefix = "service-staging"
|
||||
public let cdnCensorshipPrefix = "cdn-staging"
|
||||
public let contactDiscoveryCensorshipPrefix = "directory-staging"
|
||||
public let keyBackupCensorshipPrefix = "backup-staging"
|
||||
public let storageServiceCensorshipPrefix = "storage-staging"
|
||||
|
||||
// CDS uses the same EnclaveName and MrEnclave
|
||||
public let contactDiscoveryEnclaveName = "e0f7dee77dc9d705ccc1376859811da12ecec3b6119a19dc39bdfbf97173aa18"
|
||||
|
||||
@ -34,8 +34,6 @@ public class RemoteConfig: NSObject {
|
||||
// This feature latches "on" – once they have a master key in KBS,
|
||||
// even if we turn it off on the server they will keep using KBS.
|
||||
guard !KeyBackupService.hasMasterKey else { return true }
|
||||
// For now, KBS does not work for censorship circumvention users.
|
||||
guard !OWSSignalService.sharedInstance().isCensorshipCircumventionActive else { return false }
|
||||
return isEnabled("ios.kbs")
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user