
Commit 9aed234

Attempt to resolve connectivity problems for some users.
1 parent 733d54e commit 9aed234


2 files changed

+84
-16
lines changed


‎res/raw/censorship_fronting.store

4.15 KB
Binary file not shown.

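--- a/src/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.java
+++ b/src/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.java
@@ -29,43 +29,111 @@ public class SignalServiceNetworkAccess {
 private static final String COUNTRY_CODE_OMAN = "+968";
 private static final String COUNTRY_CODE_QATAR = "+974";
 
-private static final String SERVICE_REFLECTOR_HOST = "textsecure-service-reflected.whispersystems.org";
+private static final String SERVICE_REFLECTOR_HOST = "europe-west1-signal-cdn-reflector.cloudfunctions.net";
 
-private static final ConnectionSpec SOUQ_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+private static final ConnectionSpec GMAPS_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+.tlsVersions(TlsVersion.TLS_1_2)
+.cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
+CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
+CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
+CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA)
+.supportsTlsExtensions(true)
+.build();
+
+private static final ConnectionSpec GMAIL_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
+.tlsVersions(TlsVersion.TLS_1_2)
+.cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
+CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
+CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA)
+.supportsTlsExtensions(true)
+.build();
+
+private static final ConnectionSpec PLAY_CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
 .tlsVersions(TlsVersion.TLS_1_2)
 .cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
 CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
 CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
 CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA)
 .supportsTlsExtensions(true)
 .build();
 
+
 private final Map<String, SignalServiceConfiguration> censorshipConfiguration;
 private final String[] censoredCountries;
 private final SignalServiceConfiguration uncensoredConfiguration;
 
 public SignalServiceNetworkAccess(Context context) {
-final TrustStore trustStore = new DomainFrontingTrustStore(context);
-final SignalServiceUrl service = new SignalServiceUrl("https://cms.souqcdn.com", SERVICE_REFLECTOR_HOST, trustStore, SOUQ_CONNECTION_SPEC);
-final SignalCdnUrl serviceCdn = new SignalCdnUrl("https://cms.souqcdn.com", SERVICE_REFLECTOR_HOST, trustStore, SOUQ_CONNECTION_SPEC);
-final SignalContactDiscoveryUrl serviceContact = new SignalContactDiscoveryUrl("https://cms.souqcdn.com", SERVICE_REFLECTOR_HOST, trustStore, SOUQ_CONNECTION_SPEC);
-final SignalServiceConfiguration serviceConfig = new SignalServiceConfiguration(new SignalServiceUrl[] { service },
-new SignalCdnUrl[] { serviceCdn },
-new SignalContactDiscoveryUrl[] { serviceContact });
+
+final TrustStore trustStore = new DomainFrontingTrustStore(context);
+final SignalServiceUrl baseGoogleService = new SignalServiceUrl("https://www.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalServiceUrl baseAndroidService = new SignalServiceUrl("https://android.clients.google.com", SERVICE_REFLECTOR_HOST, trustStore, PLAY_CONNECTION_SPEC);
+final SignalServiceUrl mapsOneAndroidService = new SignalServiceUrl("https://clients3.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
+final SignalServiceUrl mapsTwoAndroidService = new SignalServiceUrl("https://clients4.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
+final SignalServiceUrl mailAndroidService = new SignalServiceUrl("https://inbox.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalServiceUrl egyptGoogleService = new SignalServiceUrl("https://www.google.com.eg", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalServiceUrl uaeGoogleService = new SignalServiceUrl("https://www.google.com.ae", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalServiceUrl omanGoogleService = new SignalServiceUrl("https://www.google.com.om", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalServiceUrl qatarGoogleService = new SignalServiceUrl("https://www.google.com.qa", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+
+final SignalCdnUrl baseGoogleCdn = new SignalCdnUrl("https://www.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalCdnUrl baseAndroidCdn = new SignalCdnUrl("https://android.clients.google.com", SERVICE_REFLECTOR_HOST, trustStore, PLAY_CONNECTION_SPEC);
+final SignalCdnUrl mapsOneAndroidCdn = new SignalCdnUrl("https://clients3.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
+final SignalCdnUrl mapsTwoAndroidCdn = new SignalCdnUrl("https://clients4.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
+final SignalCdnUrl mailAndroidCdn = new SignalCdnUrl("https://inbox.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalCdnUrl egyptGoogleCdn = new SignalCdnUrl("https://www.google.com.eg", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalCdnUrl uaeGoogleCdn = new SignalCdnUrl("https://www.google.com.ae", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalCdnUrl omanGoogleCdn = new SignalCdnUrl("https://www.google.com.om", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalCdnUrl qatarGoogleCdn = new SignalCdnUrl("https://www.google.com.qa", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+
+final SignalContactDiscoveryUrl baseGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalContactDiscoveryUrl baseAndroidDiscovery = new SignalContactDiscoveryUrl("https://android.clients.google.com", SERVICE_REFLECTOR_HOST, trustStore, PLAY_CONNECTION_SPEC);
+final SignalContactDiscoveryUrl mapsOneAndroidDiscovery = new SignalContactDiscoveryUrl("https://clients3.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
+final SignalContactDiscoveryUrl mapsTwoAndroidDiscovery = new SignalContactDiscoveryUrl("https://clients4.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAPS_CONNECTION_SPEC);
+final SignalContactDiscoveryUrl mailAndroidDiscovery = new SignalContactDiscoveryUrl("https://inbox.google.com", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalContactDiscoveryUrl egyptGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.eg", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalContactDiscoveryUrl uaeGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.ae", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalContactDiscoveryUrl omanGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.om", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+final SignalContactDiscoveryUrl qatarGoogleDiscovery = new SignalContactDiscoveryUrl("https://www.google.com.qa", SERVICE_REFLECTOR_HOST, trustStore, GMAIL_CONNECTION_SPEC);
+
 
 this.censorshipConfiguration = new HashMap<String, SignalServiceConfiguration>() {{
-put(COUNTRY_CODE_EGYPT, serviceConfig);
-put(COUNTRY_CODE_UAE, serviceConfig);
-put(COUNTRY_CODE_OMAN, serviceConfig);
-put(COUNTRY_CODE_QATAR, serviceConfig);
+put(COUNTRY_CODE_EGYPT, new SignalServiceConfiguration(new SignalServiceUrl[] {egyptGoogleService, baseGoogleService, baseAndroidService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService},
+new SignalCdnUrl[] {egyptGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn, mailAndroidCdn},
+new SignalContactDiscoveryUrl[] {egyptGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery}));
+
+put(COUNTRY_CODE_UAE, new SignalServiceConfiguration(new SignalServiceUrl[] {uaeGoogleService, baseAndroidService, baseGoogleService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService},
+new SignalCdnUrl[] {uaeGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn},
+new SignalContactDiscoveryUrl[] {uaeGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery}));
+
+put(COUNTRY_CODE_OMAN, new SignalServiceConfiguration(new SignalServiceUrl[] {omanGoogleService, baseAndroidService, baseGoogleService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService},
+new SignalCdnUrl[] {omanGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn},
+new SignalContactDiscoveryUrl[] {omanGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery}));
+
+
+put(COUNTRY_CODE_QATAR, new SignalServiceConfiguration(new SignalServiceUrl[] {qatarGoogleService, baseAndroidService, baseGoogleService, mapsOneAndroidService, mapsTwoAndroidService, mailAndroidService},
+new SignalCdnUrl[] {qatarGoogleCdn, baseAndroidCdn, baseGoogleCdn, mapsOneAndroidCdn, mapsTwoAndroidCdn, mailAndroidCdn},
+new SignalContactDiscoveryUrl[] {qatarGoogleDiscovery, baseGoogleDiscovery, baseAndroidDiscovery, mapsOneAndroidDiscovery, mapsTwoAndroidDiscovery, mailAndroidDiscovery}));
 }};
 
 this.uncensoredConfiguration = new SignalServiceConfiguration(new SignalServiceUrl[] {new SignalServiceUrl(BuildConfig.SIGNAL_URL, new SignalServiceTrustStore(context))},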
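Review bot: The Egypt CDN array (new line 122) lists `mailAndroidCdn` twice, whereas the UAE, Oman and Qatar arrays list it once; depending on how SignalServiceConfiguration picks a URL this either skews selection toward inbox.google.com or retries the same front, so the array should end `mapsTwoAndroidCdn, mailAndroidCdn},`. The three ConnectionSpecs (new lines 34-79) also offer static-RSA key exchange (`TLS_RSA_WITH_*`, no forward secrecy) and CBC-SHA suites with no explanation. If that is deliberate so each ClientHello resembles the Google client the spec is named after, a comment above each spec should say so, e.g. `// Suite list and order match the fronted Google client's ClientHello; re-check the fingerprint before changing.`; otherwise the `TLS_RSA_WITH_*` entries should be dropped. The constructor continues past the end of this hunk, so how these per-country configurations are selected is not visible here.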
