From 2438bd16c5395829e884f942f14d4f7bd4e5c64e Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Tue, 3 Jan 2017 17:14:20 -0500 Subject: [PATCH 1/5] Add Iran, Oman, Cuba to censorship list. // FREEBIE --- src/Network/OWSCensorshipConfiguration.m | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/Network/OWSCensorshipConfiguration.m b/src/Network/OWSCensorshipConfiguration.m index 466547aa8..8da6d8056 100644 --- a/src/Network/OWSCensorshipConfiguration.m +++ b/src/Network/OWSCensorshipConfiguration.m @@ -24,10 +24,18 @@ NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-mee - (NSArray *)censoredCountryCodes { // Reports of censorship in: - // Egypt - // UAE - return @[@"+20", - @"+971"]; + return @[ + // Egypt + @"+20", + // Cuba + @"+53", + // Oman + @"+968", + // UAE + @"+971", + // Iran + @"+98", + ]; } - (BOOL)isCensoredPhoneNumber:(NSString *)e164PhonNumber From 566c6e15d174f1966c888d87595f4927896f7eba Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Tue, 3 Jan 2017 17:34:07 -0500 Subject: [PATCH 2/5] Add asserts header. // FREEBIE --- src/Util/Asserts.h | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100755 src/Util/Asserts.h diff --git a/src/Util/Asserts.h b/src/Util/Asserts.h new file mode 100755 index 000000000..6b94d56ac --- /dev/null +++ b/src/Util/Asserts.h @@ -0,0 +1,30 @@ +// +// Asserts.h +// +// Copyright (c) 2016 Open Whisper Systems. All rights reserved. +// + +#import + +#ifndef OWSAssert + +#ifdef DEBUG + +#define USE_ASSERTS + +#define CONVERT_TO_STRING(X) #X +#define CONVERT_EXPR_TO_STRING(X) CONVERT_TO_STRING(X) + +#define OWSAssert(X) \ +if (!(X)) { \ +NSLog(@"Assertion failed: %s", CONVERT_EXPR_TO_STRING(X)); \ +NSAssert(0, @"Assertion failed: %s", CONVERT_EXPR_TO_STRING(X)); \ +} + +#else + +#define OWSAssert(X) + +#endif + +#endif From cc78978be50d2dd2efb33e5e34527af030713a2b Mon Sep 17 00:00:00 2001 
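Review bot: In the new Asserts.h (patch 2/5), the DEBUG form of `OWSAssert` expands to a bare `if (!(X)) { ... }`, so `if (a) OWSAssert(b); else ...` no longer parses as written; the usual fix is a `do { ... } while (0)` wrapper. The release form expands to nothing, so `X` is never evaluated there and any check written only as `OWSAssert` is not enforced in shipped builds; `((void)0)` keeps it a valid statement, and a header comment should say that callers still need explicit handling for conditions that matter at runtime. `NSAssert` refers to `self` and `_cmd`, so the macro only compiles inside Objective-C methods, which is also worth stating in that comment.

```objc
// … unchanged: file header, #import, #ifndef OWSAssert / #ifdef DEBUG, USE_ASSERTS, CONVERT_* helpers …
#define OWSAssert(X)                                                          \
    do {                                                                      \
        if (!(X)) {                                                           \
            NSLog(@"Assertion failed: %s", CONVERT_EXPR_TO_STRING(X));        \
            NSAssert(0, @"Assertion failed: %s", CONVERT_EXPR_TO_STRING(X));  \
        }                                                                     \
    } while (0)

#else

#define OWSAssert(X) ((void)0)
```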
From: Matthew Chen Date: Tue, 3 Jan 2017 17:35:58 -0500 Subject: [PATCH 3/5] Update fronting to use country-specific Google domains. // FREEBIE --- src/Network/OWSCensorshipConfiguration.h | 2 +- src/Network/OWSCensorshipConfiguration.m | 46 +++++++++++++++++------- src/Network/OWSSignalService.m | 5 ++- src/Util/Cryptography.m | 1 - 4 files changed, 38 insertions(+), 16 deletions(-) diff --git a/src/Network/OWSCensorshipConfiguration.h b/src/Network/OWSCensorshipConfiguration.h index 03a46da61..b1f363db7 100644 --- a/src/Network/OWSCensorshipConfiguration.h +++ b/src/Network/OWSCensorshipConfiguration.h @@ -7,7 +7,7 @@ NS_ASSUME_NONNULL_BEGIN @interface OWSCensorshipConfiguration : NSObject -- (NSString *)frontingHost; +- (NSString *)frontingHost:(NSString *)e164PhonNumber; - (NSString *)reflectorHost; - (BOOL)isCensoredPhoneNumber:(NSString *)e164PhonNumber; diff --git a/src/Network/OWSCensorshipConfiguration.m b/src/Network/OWSCensorshipConfiguration.m index 8da6d8056..4d768a867 100644 --- a/src/Network/OWSCensorshipConfiguration.m +++ b/src/Network/OWSCensorshipConfiguration.m 
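Review bot: In the OWSCensorshipConfiguration.h hunk, the new selector `frontingHost:` does not label its argument and carries the `e164PhonNumber` spelling into the changed declaration; `- (NSString *)frontingHostForPhoneNumber:(NSString *)e164PhoneNumber;` would read the way Cocoa selectors usually do. The declaration also has no doc comment, and the implementation in this patch returns a string that begins with `https://`, whereas `reflectorHost` returns a bare host name. A `///` line stating that the method returns the fronting base URL chosen from the number's calling-code prefix would remove that ambiguity for callers.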
@@ -6,14 +6,29 @@ NS_ASSUME_NONNULL_BEGIN -NSString *const OWSCensorshipConfigurationFrontingHost = @"https://google.com"; NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-meek.appspot.com"; @implementation OWSCensorshipConfiguration -- (NSString *)frontingHost +- (NSString *)frontingHost:(NSString *)e164PhonNumber { - return OWSCensorshipConfigurationFrontingHost; + OWSAssert(e164PhonNumber.length > 0); + + NSString *domain = nil; + for (NSString *countryCode in self.censoredCountryCodes.allKeys) { + if ([e164PhonNumber hasPrefix:countryCode]) { + domain = self.censoredCountryCodes[countryCode]; + } + } + + // Fronting should only be used for countries specified in censoredCountryCodes, + // all of which have a domain specified. + OWSAssert(domain); + if (!domain) { + domain = @"google.com"; + } + + return [@"https://" stringByAppendingString:domain]; } - (NSString *)reflectorHost @@ -21,26 +36,31 @@ NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-mee return OWSCensorshipConfigurationReflectorHost; } -- (NSArray *)censoredCountryCodes +- (NSDictionary *)censoredCountryCodes { - // Reports of censorship in: - return @[ + // Domain fronting should be used for the following countries. + // + // For each country, we should the appropriate google domain, + // per: https://en.wikipedia.org/wiki/List_of_Google_domains + return @{ // Egypt - @"+20", + @"+20": @"google.com.eg", // Cuba - @"+53", + @"+53": @"google.com.cu", // Oman - @"+968", + @"+968": @"google.com.om", // UAE - @"+971", + @"+971": @"google.com.ae", // Iran - @"+98", - ]; + // + // There does not appear to be a specific Google domain for Iran. + @"+98": @"google.com", + }; } - (BOOL)isCensoredPhoneNumber:(NSString *)e164PhonNumber { - for (NSString *countryCode in self.censoredCountryCodes) { + for (NSString *countryCode in self.censoredCountryCodes.allKeys) { if ([e164PhonNumber hasPrefix:countryCode]) { return YES; } 
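Review bot: The lookup loop in `frontingHost:` keeps iterating after a match and calls `self.censoredCountryCodes` again inside the body, which rebuilds the dictionary literal on each access. Because dictionary enumeration order is unspecified, the selected fronting domain would depend on that order if two keys ever shared a prefix. Reading the table once with `NSDictionary *domains = self.censoredCountryCodes;` and ending the match branch with `domain = domains[countryCode]; break;` makes the result deterministic. The same loop shape is still present after the `-16,7` hunk of patch 5/5, which only drops `.allKeys`.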
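Review bot: In the `-21,26 +36,31` hunk, `censoredCountryCodes` keeps its name and an untyped `NSDictionary *` return although it now maps a calling-code prefix to a fronting domain. A typed signature such as `- (NSDictionary<NSString *, NSString *> *)censoredCountryCodes` documents both sides of the mapping and lets the compiler flag misuse. Both callers match keys with `hasPrefix:` against the phone number, so the comment above the literal should add `// Keys are E.164 calling codes with a leading "+"; no key may be a prefix of another.`. The body of `isCensoredPhoneNumber:` continues outside this hunk.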
diff --git a/src/Network/OWSSignalService.m b/src/Network/OWSSignalService.m index 30a6b08cd..d4dd8b995 100644 --- a/src/Network/OWSSignalService.m +++ b/src/Network/OWSSignalService.m @@ -69,8 +69,11 @@ NS_ASSUME_NONNULL_BEGIN - (AFHTTPSessionManager *)reflectorHTTPSessionManager { + NSString *localNumber = [TSAccountManager localNumber]; + OWSAssert(localNumber.length > 0); + // Target fronting domain - NSURL *baseURL = [[NSURL alloc] initWithString:self.censorshipConfiguration.frontingHost]; + NSURL *baseURL = [[NSURL alloc] initWithString:[self.censorshipConfiguration frontingHost:localNumber]]; NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration; AFHTTPSessionManager *sessionManager = [[AFHTTPSessionManager alloc] initWithBaseURL:baseURL sessionConfiguration:sessionConf]; diff --git a/src/Util/Cryptography.m b/src/Util/Cryptography.m index e454a6f79..22db2b09d 100755 --- a/src/Util/Cryptography.m +++ b/src/Util/Cryptography.m @@ -10,7 +10,6 @@ #import #import "Cryptography.h" - #import "NSData+Base64.h" #define HMAC256_KEY_LENGTH 32 From c3af5bc74245af220699ba7f44de469c1484595c Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Tue, 3 Jan 2017 17:48:21 -0500 Subject: [PATCH 4/5] Fix the UAE Google domain. // FREEBIE --- src/Network/OWSCensorshipConfiguration.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Network/OWSCensorshipConfiguration.m b/src/Network/OWSCensorshipConfiguration.m index 4d768a867..bce6e7466 100644 --- a/src/Network/OWSCensorshipConfiguration.m +++ b/src/Network/OWSCensorshipConfiguration.m @@ -50,7 +50,7 @@ NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-mee // Oman @"+968": @"google.com.om", // UAE - @"+971": @"google.com.ae", + @"+971": @"google.ae", // Iran // // There does not appear to be a specific Google domain for Iran. From 5b87af9bc6a32120063a98570f35b5571e28038f Mon Sep 17 00:00:00 2001 
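Review bot: In `reflectorHTTPSessionManager`, `OWSAssert(localNumber.length > 0)` is the only guard on the local number, and per Asserts.h in patch 2/5 it compiles to nothing outside DEBUG. In a release build a nil or empty number is passed to `frontingHost:`, whose parameter sits inside `NS_ASSUME_NONNULL_BEGIN`, and silently becomes the `google.com` fallback. If this method can run before a local number is stored (not visible here), add runtime handling, for example `if (localNumber.length == 0) { NSLog(@"%s: no local number, using default fronting domain", __PRETTY_FUNCTION__); }`. The rest of the method, including whatever security policy is attached to the session manager, is outside the hunk. Since the base URL now varies by country, it is worth confirming that the pinning policy validates every domain in the table.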
From: Matthew Chen Date: Wed, 4 Jan 2017 09:42:48 -0500 Subject: [PATCH 5/5] Respond to CR, fix build break. // FREEBIE --- src/Network/OWSCensorshipConfiguration.m | 16 ++++++++++++---- src/Network/OWSSignalService.m | 4 +++- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/src/Network/OWSCensorshipConfiguration.m b/src/Network/OWSCensorshipConfiguration.m index bce6e7466..e09096a06 100644 --- a/src/Network/OWSCensorshipConfiguration.m +++ b/src/Network/OWSCensorshipConfiguration.m @@ -3,6 +3,7 @@ #import "OWSCensorshipConfiguration.h" #import "TSStorageManager.h" +#import "Asserts.h" NS_ASSUME_NONNULL_BEGIN @@ -15,7 +16,7 @@ NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-mee OWSAssert(e164PhonNumber.length > 0); NSString *domain = nil; - for (NSString *countryCode in self.censoredCountryCodes.allKeys) { + for (NSString *countryCode in self.censoredCountryCodes) { if ([e164PhonNumber hasPrefix:countryCode]) { domain = self.censoredCountryCodes[countryCode]; } @@ -38,10 +39,17 @@ NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-mee - (NSDictionary *)censoredCountryCodes { - // Domain fronting should be used for the following countries. + // The set of countries for which domain fronting should be used. // - // For each country, we should the appropriate google domain, + // For each country, we should add the appropriate google domain, // per: https://en.wikipedia.org/wiki/List_of_Google_domains + // + // If we ever use any non-google domains for domain fronting, + // remember to: + // + // a) Add the appropriate pinning certificate(s) in + // SignalServiceKit.podspec. + // b) Update reflectorHost accordingly. return @{ // Egypt @"+20": @"google.com.eg", 
@@ -60,7 +68,7 @@ NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-mee - (BOOL)isCensoredPhoneNumber:(NSString *)e164PhonNumber { - for (NSString *countryCode in self.censoredCountryCodes.allKeys) { + for (NSString *countryCode in self.censoredCountryCodes) { if ([e164PhonNumber hasPrefix:countryCode]) { return YES; } diff --git a/src/Network/OWSSignalService.m b/src/Network/OWSSignalService.m index d4dd8b995..f6067ba16 100644 --- a/src/Network/OWSSignalService.m +++ b/src/Network/OWSSignalService.m @@ -1,12 +1,14 @@ // Created by Michael Kirk on 12/20/16. // Copyright © 2016 Open Whisper Systems. All rights reserved. +#import + #import "OWSSignalService.h" #import "OWSCensorshipConfiguration.h" #import "OWSHTTPSecurityPolicy.h" #import "TSConstants.h" #import "TSAccountManager.h" -#import +#import "Asserts.h" NS_ASSUME_NONNULL_BEGIN