From cc78978be50d2dd2efb33e5e34527af030713a2b Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Tue, 3 Jan 2017 17:35:58 -0500 Subject: [PATCH] Update fronting to use country-specific Google domains. // FREEBIE --- src/Network/OWSCensorshipConfiguration.h | 2 +- src/Network/OWSCensorshipConfiguration.m | 46 +++++++++++++++++------- src/Network/OWSSignalService.m | 5 ++- src/Util/Cryptography.m | 1 - 4 files changed, 38 insertions(+), 16 deletions(-) diff --git a/src/Network/OWSCensorshipConfiguration.h b/src/Network/OWSCensorshipConfiguration.h index 03a46da61..b1f363db7 100644 --- a/src/Network/OWSCensorshipConfiguration.h +++ b/src/Network/OWSCensorshipConfiguration.h @@ -7,7 +7,7 @@ NS_ASSUME_NONNULL_BEGIN @interface OWSCensorshipConfiguration : NSObject -- (NSString *)frontingHost; +- (NSString *)frontingHost:(NSString *)e164PhonNumber; - (NSString *)reflectorHost; - (BOOL)isCensoredPhoneNumber:(NSString *)e164PhonNumber; diff --git a/src/Network/OWSCensorshipConfiguration.m b/src/Network/OWSCensorshipConfiguration.m index 8da6d8056..4d768a867 100644 --- a/src/Network/OWSCensorshipConfiguration.m +++ b/src/Network/OWSCensorshipConfiguration.m @@ -6,14 +6,29 @@ NS_ASSUME_NONNULL_BEGIN -NSString *const OWSCensorshipConfigurationFrontingHost = @"https://google.com"; NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-meek.appspot.com"; @implementation OWSCensorshipConfiguration -- (NSString *)frontingHost +- (NSString *)frontingHost:(NSString *)e164PhonNumber { - return OWSCensorshipConfigurationFrontingHost; + OWSAssert(e164PhonNumber.length > 0); + + NSString *domain = nil; + for (NSString *countryCode in self.censoredCountryCodes.allKeys) { + if ([e164PhonNumber hasPrefix:countryCode]) { + domain = self.censoredCountryCodes[countryCode]; + } + } + + // Fronting should only be used for countries specified in censoredCountryCodes, + // all of which have a domain specified. + OWSAssert(domain); + if (!domain) { + domain = @"google.com"; + } + + return [@"https://" stringByAppendingString:domain]; } - (NSString *)reflectorHost @@ -21,26 +36,31 @@ NSString *const OWSCensorshipConfigurationReflectorHost = @"signal-reflector-mee return OWSCensorshipConfigurationReflectorHost; } -- (NSArray *)censoredCountryCodes +- (NSDictionary *)censoredCountryCodes { - // Reports of censorship in: - return @[ + // Domain fronting should be used for the following countries. + // + // For each country, we should the appropriate google domain, + // per: https://en.wikipedia.org/wiki/List_of_Google_domains + return @{ // Egypt - @"+20", + @"+20": @"google.com.eg", // Cuba - @"+53", + @"+53": @"google.com.cu", // Oman - @"+968", + @"+968": @"google.com.om", // UAE - @"+971", + @"+971": @"google.com.ae", // Iran - @"+98", - ]; + // + // There does not appear to be a specific Google domain for Iran. + @"+98": @"google.com", + }; } - (BOOL)isCensoredPhoneNumber:(NSString *)e164PhonNumber { - for (NSString *countryCode in self.censoredCountryCodes) { + for (NSString *countryCode in self.censoredCountryCodes.allKeys) { if ([e164PhonNumber hasPrefix:countryCode]) { return YES; } diff --git a/src/Network/OWSSignalService.m b/src/Network/OWSSignalService.m index 30a6b08cd..d4dd8b995 100644 --- a/src/Network/OWSSignalService.m +++ b/src/Network/OWSSignalService.m @@ -69,8 +69,11 @@ NS_ASSUME_NONNULL_BEGIN - (AFHTTPSessionManager *)reflectorHTTPSessionManager { + NSString *localNumber = [TSAccountManager localNumber]; + OWSAssert(localNumber.length > 0); + // Target fronting domain - NSURL *baseURL = [[NSURL alloc] initWithString:self.censorshipConfiguration.frontingHost]; + NSURL *baseURL = [[NSURL alloc] initWithString:[self.censorshipConfiguration frontingHost:localNumber]]; NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration; AFHTTPSessionManager *sessionManager = [[AFHTTPSessionManager alloc] initWithBaseURL:baseURL sessionConfiguration:sessionConf]; diff --git a/src/Util/Cryptography.m b/src/Util/Cryptography.m index e454a6f79..22db2b09d 100755 --- a/src/Util/Cryptography.m +++ b/src/Util/Cryptography.m @@ -10,7 +10,6 @@ #import #import "Cryptography.h" - #import "NSData+Base64.h" #define HMAC256_KEY_LENGTH 32