diff --git a/Signal/src/ViewControllers/ProfileViewController.m b/Signal/src/ViewControllers/ProfileViewController.m index f3a3e0dcb4..95e01545c2 100644 --- a/Signal/src/ViewControllers/ProfileViewController.m +++ b/Signal/src/ViewControllers/ProfileViewController.m @@ -636,8 +636,8 @@ NSString *const kProfileView_LastPresentedDate = @"kProfileView_LastPresentedDat OWSAssertIsOnMainThread(); OWSLogVerbose(@""); - // If the user already has a pin or censorship circumvention is enabled, just go home - if ([OWS2FAManager sharedManager].is2FAEnabled || OWSSignalService.sharedInstance.isCensorshipCircumventionActive) { + // If the user already has a pin, just go home + if ([OWS2FAManager sharedManager].is2FAEnabled) { return [self showConversationSplitView]; } diff --git a/SignalServiceKit/src/Network/OWSCensorshipConfiguration.h b/SignalServiceKit/src/Network/OWSCensorshipConfiguration.h index 5b0a161933..0d644a5245 100644 --- a/SignalServiceKit/src/Network/OWSCensorshipConfiguration.h +++ b/SignalServiceKit/src/Network/OWSCensorshipConfiguration.h @@ -1,5 +1,5 @@ // -// Copyright (c) 2019 Open Whisper Systems. All rights reserved. +// Copyright (c) 2020 Open Whisper Systems. All rights reserved. // NS_ASSUME_NONNULL_BEGIN @@ -23,8 +23,6 @@ extern NSString *const OWSFrontingHost_GoogleQatar; + (BOOL)isCensoredPhoneNumber:(NSString *)e164PhoneNumber; -@property (nonatomic, readonly) NSString *signalServiceReflectorHost; -@property (nonatomic, readonly) NSString *CDNReflectorHost; @property (nonatomic, readonly) NSURL *domainFrontBaseURL; @property (nonatomic, readonly) AFSecurityPolicy *domainFrontSecurityPolicy; diff --git a/SignalServiceKit/src/Network/OWSCensorshipConfiguration.m b/SignalServiceKit/src/Network/OWSCensorshipConfiguration.m index 8cb31c75ca..624b5ba7a1 100644 --- a/SignalServiceKit/src/Network/OWSCensorshipConfiguration.m +++ b/SignalServiceKit/src/Network/OWSCensorshipConfiguration.m @@ -1,5 +1,5 @@ // -// Copyright (c) 2019 Open Whisper Systems. All rights reserved. +// Copyright (c) 2020 Open Whisper Systems. All rights reserved. // #import "OWSCensorshipConfiguration.h" @@ -79,18 +79,6 @@ NSString *const OWSFrontingHost_Default = @"www.google.com"; return self; } -// MARK: Public Getters - -- (NSString *)signalServiceReflectorHost -{ - return TSConstants.textSecureServiceReflectorHost; -} - -- (NSString *)CDNReflectorHost -{ - return TSConstants.textSecureCDNReflectorHost; -} - // MARK: Util + (NSDictionary *)censoredCountryCodes diff --git a/SignalServiceKit/src/Network/OWSSignalService.m b/SignalServiceKit/src/Network/OWSSignalService.m index 69484e40eb..6df385c4aa 100644 --- a/SignalServiceKit/src/Network/OWSSignalService.m +++ b/SignalServiceKit/src/Network/OWSSignalService.m @@ -1,5 +1,5 @@ // -// Copyright (c) 2019 Open Whisper Systems. All rights reserved. +// Copyright (c) 2020 Open Whisper Systems. All rights reserved. // #import "OWSSignalService.h" @@ -240,7 +240,7 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = sessionManager.securityPolicy = censorshipConfiguration.domainFrontSecurityPolicy; sessionManager.requestSerializer = [AFJSONRequestSerializer serializer]; - [sessionManager.requestSerializer setValue:censorshipConfiguration.signalServiceReflectorHost + [sessionManager.requestSerializer setValue:TSConstants.censorshipReflectorHost forHTTPHeaderField:@"Host"]; sessionManager.responseSerializer = [AFJSONResponseSerializer serializer]; // Disable default cookie handling for all requests. @@ -296,7 +296,7 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = sessionManager.securityPolicy = censorshipConfiguration.domainFrontSecurityPolicy; sessionManager.requestSerializer = [AFJSONRequestSerializer serializer]; - [sessionManager.requestSerializer setValue:censorshipConfiguration.CDNReflectorHost forHTTPHeaderField:@"Host"]; + [sessionManager.requestSerializer setValue:TSConstants.censorshipReflectorHost forHTTPHeaderField:@"Host"]; sessionManager.responseSerializer = [AFJSONResponseSerializer serializer]; @@ -306,6 +306,21 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = #pragma mark - Storage Service - (AFHTTPSessionManager *)storageServiceSessionManager +{ + AFHTTPSessionManager *result; + if (self.isCensorshipCircumventionActive) { + OWSCensorshipConfiguration *censorshipConfiguration = [self buildCensorshipConfiguration]; + OWSLogInfo(@"using reflector storageServiceSessionManager via: %@", censorshipConfiguration.domainFrontBaseURL); + result = [self reflectorStorageServiceSessionManagerWithCensorshipConfiguration:censorshipConfiguration]; + } else { + result = self.defaultStorageServiceSessionManager; + } + // By default, CDN content should be binary. + result.responseSerializer = [AFHTTPResponseSerializer serializer]; + return result; +} + +- (AFHTTPSessionManager *)defaultStorageServiceSessionManager { NSURL *baseURL = [[NSURL alloc] initWithString:TSConstants.storageServiceURL]; OWSAssertDebug(baseURL); @@ -324,6 +339,26 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange = return sessionManager; } +- (AFHTTPSessionManager *)reflectorStorageServiceSessionManagerWithCensorshipConfiguration: + (OWSCensorshipConfiguration *)censorshipConfiguration +{ + NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration; + + NSURL *frontingURL = censorshipConfiguration.domainFrontBaseURL; + NSURL *baseURL = [frontingURL URLByAppendingPathComponent:TSConstants.storageServiceCensorshipPrefix]; + AFHTTPSessionManager *sessionManager = + [[AFHTTPSessionManager alloc] initWithBaseURL:baseURL sessionConfiguration:sessionConf]; + + sessionManager.securityPolicy = censorshipConfiguration.domainFrontSecurityPolicy; + + sessionManager.requestSerializer = [AFJSONRequestSerializer serializer]; + [sessionManager.requestSerializer setValue:TSConstants.censorshipReflectorHost forHTTPHeaderField:@"Host"]; + + sessionManager.responseSerializer = [AFJSONResponseSerializer serializer]; + + return sessionManager; +} + #pragma mark - Events - (void)registrationStateDidChange:(NSNotification *)notification diff --git a/SignalServiceKit/src/TSConstants.swift b/SignalServiceKit/src/TSConstants.swift index 14b63b73e6..7b1ff27f12 100644 --- a/SignalServiceKit/src/TSConstants.swift +++ b/SignalServiceKit/src/TSConstants.swift @@ -6,17 +6,18 @@ private protocol TSConstantsProtocol: class { var textSecureWebSocketAPI: String { get } var textSecureServerURL: String { get } var textSecureCDNServerURL: String { get } - var textSecureServiceReflectorHost: String { get } - var textSecureCDNReflectorHost: String { get } var contactDiscoveryURL: String { get } var keyBackupURL: String { get } var storageServiceURL: String { get } var kUDTrustRoot: String { get } + var censorshipReflectorHost: String { get } + var serviceCensorshipPrefix: String { get } var cdnCensorshipPrefix: String { get } var contactDiscoveryCensorshipPrefix: String { get } var keyBackupCensorshipPrefix: String { get } + var storageServiceCensorshipPrefix: String { get } var contactDiscoveryEnclaveName: String { get } var contactDiscoveryMrEnclave: String { get } @@ -48,10 +49,6 @@ public class TSConstants: NSObject { @objc public static var textSecureCDNServerURL: String { return shared.textSecureCDNServerURL } @objc - public static var textSecureServiceReflectorHost: String { return shared.textSecureServiceReflectorHost } - @objc - public static var textSecureCDNReflectorHost: String { return shared.textSecureCDNReflectorHost } - @objc public static var contactDiscoveryURL: String { return shared.contactDiscoveryURL } @objc public static var keyBackupURL: String { return shared.keyBackupURL } @@ -60,6 +57,9 @@ public class TSConstants: NSObject { @objc public static var kUDTrustRoot: String { return shared.kUDTrustRoot } + @objc + public static var censorshipReflectorHost: String { return shared.censorshipReflectorHost } + @objc public static var serviceCensorshipPrefix: String { return shared.serviceCensorshipPrefix } @objc @@ -68,6 +68,8 @@ public class TSConstants: NSObject { public static var contactDiscoveryCensorshipPrefix: String { return shared.contactDiscoveryCensorshipPrefix } @objc public static var keyBackupCensorshipPrefix: String { return shared.keyBackupCensorshipPrefix } + @objc + public static var storageServiceCensorshipPrefix: String { return shared.storageServiceCensorshipPrefix } @objc public static var contactDiscoveryEnclaveName: String { return shared.contactDiscoveryEnclaveName } @@ -145,18 +147,18 @@ private class TSConstantsProduction: TSConstantsProtocol { public let textSecureWebSocketAPI = "wss://textsecure-service.whispersystems.org/v1/websocket/" public let textSecureServerURL = "https://textsecure-service.whispersystems.org/" public let textSecureCDNServerURL = "https://cdn.signal.org" - // Use same reflector for service and CDN - public let textSecureServiceReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net" - public let textSecureCDNReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net" public let contactDiscoveryURL = "https://api.directory.signal.org" public let keyBackupURL = "https://api.backup.signal.org" public let storageServiceURL = "https://storage.signal.org" public let kUDTrustRoot = "BXu6QIKVz5MA8gstzfOgRQGqyLqOwNKHL6INkv3IHWMF" + public let censorshipReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net" + public let serviceCensorshipPrefix = "service" public let cdnCensorshipPrefix = "cdn" public let contactDiscoveryCensorshipPrefix = "directory" public let keyBackupCensorshipPrefix = "backup" + public let storageServiceCensorshipPrefix = "storage" public let contactDiscoveryEnclaveName = "cd6cfc342937b23b1bdd3bbf9721aa5615ac9ff50a75c5527d441cd3276826c9" public var contactDiscoveryMrEnclave: String { @@ -185,17 +187,18 @@ private class TSConstantsStaging: TSConstantsProtocol { public let textSecureWebSocketAPI = "wss://textsecure-service-staging.whispersystems.org/v1/websocket/" public let textSecureServerURL = "https://textsecure-service-staging.whispersystems.org/" public let textSecureCDNServerURL = "https://cdn-staging.signal.org" - public let textSecureServiceReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net" - public let textSecureCDNReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net" public let contactDiscoveryURL = "https://api-staging.directory.signal.org" public let keyBackupURL = "https://api-staging.backup.signal.org" public let storageServiceURL = "https://storage-staging.signal.org" public let kUDTrustRoot = "BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx" + public let censorshipReflectorHost = "europe-west1-signal-cdn-reflector.cloudfunctions.net" + public let serviceCensorshipPrefix = "service-staging" public let cdnCensorshipPrefix = "cdn-staging" public let contactDiscoveryCensorshipPrefix = "directory-staging" public let keyBackupCensorshipPrefix = "backup-staging" + public let storageServiceCensorshipPrefix = "storage-staging" // CDS uses the same EnclaveName and MrEnclave public let contactDiscoveryEnclaveName = "e0f7dee77dc9d705ccc1376859811da12ecec3b6119a19dc39bdfbf97173aa18" diff --git a/SignalServiceKit/src/Util/RemoteConfigManager.swift b/SignalServiceKit/src/Util/RemoteConfigManager.swift index 5bb0310ad7..641b28c3da 100644 --- a/SignalServiceKit/src/Util/RemoteConfigManager.swift +++ b/SignalServiceKit/src/Util/RemoteConfigManager.swift @@ -34,8 +34,6 @@ public class RemoteConfig: NSObject { // This feature latches "on" – once they have a master key in KBS, // even if we turn it off on the server they will keep using KBS. guard !KeyBackupService.hasMasterKey else { return true } - // For now, KBS does not work for censorship circumvention users. - guard !OWSSignalService.sharedInstance().isCensorshipCircumventionActive else { return false } return isEnabled("ios.kbs") }