From ca9181ee3fb154cecf5a9470f6724c06b4021245 Mon Sep 17 00:00:00 2001
From: akwizgran <michael@briarproject.org>
Date: Sat, 9 Mar 2024 20:52:32 +0000
Subject: [PATCH] Upgrade onionwrapper to 0.1.0 and snowflake to 2.9.1.

---
 .../plugin/tor/AndroidTorPluginFactory.java   |  8 +-------
 bramble-android/witness.gradle                |  6 +++---
 .../bramble/api/plugin/TorConstants.java      |  1 +
 .../bramble/plugin/tor/TorPlugin.java         | 19 +++++--------------
 bramble-core/witness.gradle                   |  2 +-
 .../plugin/tor/MacTorPluginFactory.java       |  3 +--
 .../plugin/tor/UnixTorPluginFactory.java      |  2 +-
 .../plugin/tor/WindowsTorPluginFactory.java   |  2 +-
 bramble-java/witness.gradle                   |  4 ++--
 briar-headless/witness.gradle                 | 10 +++++-----
 build.gradle                                  |  4 ++--
 11 files changed, 23 insertions(+), 38 deletions(-)

diff --git a/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPluginFactory.java b/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPluginFactory.java
index a5ccf6afe..b63261d28 100644
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPluginFactory.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPluginFactory.java
@@ -31,7 +31,6 @@ import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 import javax.net.SocketFactory;
 
-import static android.os.Build.VERSION.SDK_INT;
 import static org.briarproject.bramble.util.AndroidUtils.getSupportedArchitectures;
 
 @Immutable
@@ -86,15 +85,10 @@ public class AndroidTorPluginFactory extends TorPluginFactory {
 		TorWrapper tor = new AndroidTorWrapper(app, wakeLockManager,
 				ioExecutor, eventExecutor, architecture, torDirectory,
 				torSocksPort, torControlPort);
-		// Android versions 7.1 and newer can verify Let's Encrypt TLS certs
-		// signed with the IdentTrust DST Root X3 certificate. Older versions
-		// of Android consider the certificate to have expired at the end of
-		// September 2021.
-		boolean canVerifyLetsEncryptCerts = SDK_INT >= 25;
 		return new TorPlugin(ioExecutor, wakefulIoExecutor,
 				networkManager, locationUtils, torSocketFactory,
 				circumventionProvider, batteryManager, backoff,
 				torRendezvousCrypto, tor, callback, MAX_LATENCY,
-				MAX_IDLE_TIME, canVerifyLetsEncryptCerts);
+				MAX_IDLE_TIME);
 	}
 }
diff --git a/bramble-android/witness.gradle b/bramble-android/witness.gradle
index e9280c6ef..66bf71cba 100644
--- a/bramble-android/witness.gradle
+++ b/bramble-android/witness.gradle
@@ -29,9 +29,9 @@ dependencyVerification {
 		'org.briarproject:jtorctl:0.5:jtorctl-0.5.jar:43f8c7d390169772b9a2c82ab806c8414c136a2a8636c555e22754bb7260793b',
 		'org.briarproject:null-safety:0.1:null-safety-0.1.jar:161760de5e838cb982bafa973df820675d4397098e9a91637a36a306d43ba011',
 		'org.briarproject:obfs4proxy-android:0.0.14-tor2:obfs4proxy-android-0.0.14-tor2.jar:a0a93770d6760ce57d9dbd31cc7177687374e00c3361dac22ab75e3b6e0f289e',
-		'org.briarproject:onionwrapper-android:0.0.7:onionwrapper-android-0.0.7.aar:d761854dac454616b3e0ca099b2cd17060365ce4316afe495cc7ae86b6c81d15',
-		'org.briarproject:onionwrapper-core:0.0.7:onionwrapper-core-0.0.7.jar:918b5851f4a05a3bc0835bc7c81d70e598a178c79856fe5c506c261889f4b3fd',
-		'org.briarproject:snowflake-android:2.5.1:snowflake-android-2.5.1.jar:88ec81c17b1b6fa884d06839dec0330e328b45c89f88c970a213ce91ca8eac87',
+		'org.briarproject:onionwrapper-android:0.1.0:onionwrapper-android-0.1.0.aar:d761854dac454616b3e0ca099b2cd17060365ce4316afe495cc7ae86b6c81d15',
+		'org.briarproject:onionwrapper-core:0.1.0:onionwrapper-core-0.1.0.jar:3e6631771b891c959403f6145de034c6f9816e7d067808d534f954eef9a1ca35',
+		'org.briarproject:snowflake-android:2.9.1:snowflake-android-2.9.1.jar:8d6195637edbe3717d205c2e524e9d3cb742b90fc67b10565d16262af134e489',
 		'org.briarproject:tor-android:0.4.8.9-1:tor-android-0.4.8.9-1.jar:8fbaaf0cb1663abd12852b7fc51a804534b7e7d865b4dec3fc4e9ec0e79f3ad5',
 		'org.checkerframework:checker-compat-qual:2.5.5:checker-compat-qual-2.5.5.jar:11d134b245e9cacc474514d2d66b5b8618f8039a1465cdc55bbc0b34e0008b7a',
 		'org.checkerframework:checker-qual:3.12.0:checker-qual-3.12.0.jar:ff10785ac2a357ec5de9c293cb982a2cbb605c0309ea4cc1cb9b9bc6dbe7f3cb',
diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java
index 50527536c..0285aa179 100644
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java
@@ -46,6 +46,7 @@ public interface TorConstants {
 
 	/**
 	 * Reason flag returned by {@link Plugin#getReasonsDisabled()}.
+	 * Currently unused, but may be worth keeping for future use.
 	 */
 	int REASON_COUNTRY_BLOCKED = 8;
 }
diff --git a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java
index 5dd066e94..ab6ac6b44 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java
@@ -75,7 +75,6 @@ import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_ONLY_WHE
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_PORT;
 import static org.briarproject.bramble.api.plugin.TorConstants.PROP_ONION_V3;
 import static org.briarproject.bramble.api.plugin.TorConstants.REASON_BATTERY;
-import static org.briarproject.bramble.api.plugin.TorConstants.REASON_COUNTRY_BLOCKED;
 import static org.briarproject.bramble.api.plugin.TorConstants.REASON_MOBILE_DATA;
 import static org.briarproject.bramble.plugin.tor.TorRendezvousCrypto.SEED_BYTES;
 import static org.briarproject.bramble.util.IoUtils.tryToClose;
@@ -106,7 +105,6 @@ class TorPlugin implements DuplexPlugin, EventListener {
 	private final PluginCallback callback;
 	private final long maxLatency;
 	private final int maxIdleTime;
-	private final boolean canVerifyLetsEncryptCerts;
 	private final int socketTimeout;
 	private final AtomicBoolean used = new AtomicBoolean(false);
 
@@ -126,8 +124,7 @@ class TorPlugin implements DuplexPlugin, EventListener {
 			TorWrapper tor,
 			PluginCallback callback,
 			long maxLatency,
-			int maxIdleTime,
-			boolean canVerifyLetsEncryptCerts) {
+			int maxIdleTime) {
 		this.ioExecutor = ioExecutor;
 		this.wakefulIoExecutor = wakefulIoExecutor;
 		this.networkManager = networkManager;
@@ -141,7 +138,6 @@ class TorPlugin implements DuplexPlugin, EventListener {
 		this.callback = callback;
 		this.maxLatency = maxLatency;
 		this.maxIdleTime = maxIdleTime;
-		this.canVerifyLetsEncryptCerts = canVerifyLetsEncryptCerts;
 		if (maxIdleTime > Integer.MAX_VALUE / 2) {
 			socketTimeout = Integer.MAX_VALUE;
 		} else {
@@ -297,7 +293,7 @@ class TorPlugin implements DuplexPlugin, EventListener {
 			List<String> bridges = new ArrayList<>();
 			for (BridgeType bridgeType : bridgeTypes) {
 				bridges.addAll(circumventionProvider.getBridges(bridgeType,
-						countryCode, canVerifyLetsEncryptCerts));
+						countryCode));
 			}
 			tor.enableBridges(bridges);
 		}
@@ -491,8 +487,8 @@ class TorPlugin implements DuplexPlugin, EventListener {
 			boolean wifi = status.isWifi();
 			boolean ipv6Only = status.isIpv6Only();
 			String country = locationUtils.getCurrentCountry();
-			boolean blocked =
-					circumventionProvider.isTorProbablyBlocked(country);
+			boolean bridgesByDefault =
+					circumventionProvider.shouldUseBridges(country);
 			boolean enabledByUser = settings.getBoolean(PREF_PLUGIN_ENABLE,
 					DEFAULT_PREF_PLUGIN_ENABLE);
 			int network = settings.getInt(PREF_TOR_NETWORK,
@@ -502,7 +498,6 @@ class TorPlugin implements DuplexPlugin, EventListener {
 			boolean onlyWhenCharging =
 					settings.getBoolean(PREF_TOR_ONLY_WHEN_CHARGING,
 							DEFAULT_PREF_TOR_ONLY_WHEN_CHARGING);
-			boolean bridgesWork = circumventionProvider.doBridgesWork(country);
 			boolean automatic = network == PREF_TOR_NETWORK_AUTOMATIC;
 
 			if (LOG.isLoggable(INFO)) {
@@ -532,10 +527,6 @@ class TorPlugin implements DuplexPlugin, EventListener {
 					LOG.info("Configured not to use mobile data");
 					reasonsDisabled |= REASON_MOBILE_DATA;
 				}
-				if (automatic && blocked && !bridgesWork) {
-					LOG.info("Country is blocked");
-					reasonsDisabled |= REASON_COUNTRY_BLOCKED;
-				}
 
 				if (reasonsDisabled != 0) {
 					LOG.info("Disabling network due to settings");
@@ -543,7 +534,7 @@ class TorPlugin implements DuplexPlugin, EventListener {
 					LOG.info("Enabling network");
 					enableNetwork = true;
 					if (network == PREF_TOR_NETWORK_WITH_BRIDGES ||
-							(automatic && bridgesWork)) {
+							(automatic && bridgesByDefault)) {
 						if (ipv6Only) {
 							bridgeTypes = asList(MEEK, SNOWFLAKE);
 						} else {
diff --git a/bramble-core/witness.gradle b/bramble-core/witness.gradle
index 03eb85227..c0321062b 100644
--- a/bramble-core/witness.gradle
+++ b/bramble-core/witness.gradle
@@ -36,7 +36,7 @@ dependencyVerification {
 		'org.bouncycastle:bcprov-jdk15to18:1.71:bcprov-jdk15to18-1.71.jar:143aaa4a40edd5fc2a18db7900059f6c16f4d931b94b94b20f7e2238e6662886',
 		'org.briarproject:jtorctl:0.5:jtorctl-0.5.jar:43f8c7d390169772b9a2c82ab806c8414c136a2a8636c555e22754bb7260793b',
 		'org.briarproject:null-safety:0.1:null-safety-0.1.jar:161760de5e838cb982bafa973df820675d4397098e9a91637a36a306d43ba011',
-		'org.briarproject:onionwrapper-core:0.0.7:onionwrapper-core-0.0.7.jar:918b5851f4a05a3bc0835bc7c81d70e598a178c79856fe5c506c261889f4b3fd',
+		'org.briarproject:onionwrapper-core:0.1.0:onionwrapper-core-0.1.0.jar:3e6631771b891c959403f6145de034c6f9816e7d067808d534f954eef9a1ca35',
 		'org.briarproject:socks-socket:0.1:socks-socket-0.1.jar:e5898822d10f5390363c5dddb945891648c92cf93ba50709e07f0d173ec0eb4b',
 		'org.checkerframework:checker-compat-qual:2.5.5:checker-compat-qual-2.5.5.jar:11d134b245e9cacc474514d2d66b5b8618f8039a1465cdc55bbc0b34e0008b7a',
 		'org.checkerframework:checker-qual:3.12.0:checker-qual-3.12.0.jar:ff10785ac2a357ec5de9c293cb982a2cbb605c0309ea4cc1cb9b9bc6dbe7f3cb',
diff --git a/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/MacTorPluginFactory.java b/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/MacTorPluginFactory.java
index 46d7c9f01..c77ce99c2 100644
--- a/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/MacTorPluginFactory.java
+++ b/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/MacTorPluginFactory.java
@@ -19,7 +19,6 @@ import org.briarproject.onionwrapper.CircumventionProvider;
 import org.briarproject.onionwrapper.LocationUtils;
 import org.briarproject.onionwrapper.MacTorWrapper;
 import org.briarproject.onionwrapper.TorWrapper;
-import org.briarproject.onionwrapper.UnixTorWrapper;
 
 import java.io.File;
 import java.util.concurrent.Executor;
@@ -80,6 +79,6 @@ public class MacTorPluginFactory extends TorPluginFactory {
 		return new TorPlugin(ioExecutor, wakefulIoExecutor, networkManager,
 				locationUtils, torSocketFactory, circumventionProvider,
 				batteryManager, backoff, torRendezvousCrypto, tor, callback,
-				MAX_LATENCY, MAX_IDLE_TIME, true);
+				MAX_LATENCY, MAX_IDLE_TIME);
 	}
 }
diff --git a/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/UnixTorPluginFactory.java b/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/UnixTorPluginFactory.java
index f3b72aaed..758723310 100644
--- a/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/UnixTorPluginFactory.java
+++ b/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/UnixTorPluginFactory.java
@@ -81,6 +81,6 @@ public class UnixTorPluginFactory extends TorPluginFactory {
 		return new TorPlugin(ioExecutor, wakefulIoExecutor, networkManager,
 				locationUtils, torSocketFactory, circumventionProvider,
 				batteryManager, backoff, torRendezvousCrypto, tor, callback,
-				MAX_LATENCY, MAX_IDLE_TIME, true);
+				MAX_LATENCY, MAX_IDLE_TIME);
 	}
 }
diff --git a/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/WindowsTorPluginFactory.java b/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/WindowsTorPluginFactory.java
index b282ed42c..a2f5cec0a 100644
--- a/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/WindowsTorPluginFactory.java
+++ b/bramble-java/src/main/java/org/briarproject/bramble/plugin/tor/WindowsTorPluginFactory.java
@@ -78,6 +78,6 @@ public class WindowsTorPluginFactory extends TorPluginFactory {
 		return new TorPlugin(ioExecutor, wakefulIoExecutor, networkManager,
 				locationUtils, torSocketFactory, circumventionProvider,
 				batteryManager, backoff, torRendezvousCrypto, tor, callback,
-				MAX_LATENCY, MAX_IDLE_TIME, true);
+				MAX_LATENCY, MAX_IDLE_TIME);
 	}
 }
diff --git a/bramble-java/witness.gradle b/bramble-java/witness.gradle
index 24036a1fa..e895a6c9a 100644
--- a/bramble-java/witness.gradle
+++ b/bramble-java/witness.gradle
@@ -27,8 +27,8 @@ dependencyVerification {
 		'org.apache-extras.beanshell:bsh:2.0b6:bsh-2.0b6.jar:a17955976070c0573235ee662f2794a78082758b61accffce8d3f8aedcd91047',
 		'org.briarproject:jtorctl:0.5:jtorctl-0.5.jar:43f8c7d390169772b9a2c82ab806c8414c136a2a8636c555e22754bb7260793b',
 		'org.briarproject:null-safety:0.1:null-safety-0.1.jar:161760de5e838cb982bafa973df820675d4397098e9a91637a36a306d43ba011',
-		'org.briarproject:onionwrapper-core:0.0.7:onionwrapper-core-0.0.7.jar:918b5851f4a05a3bc0835bc7c81d70e598a178c79856fe5c506c261889f4b3fd',
-		'org.briarproject:onionwrapper-java:0.0.7:onionwrapper-java-0.0.7.jar:48115772d4348eab6f35e562ae648dd9d7398adb99e5429afb64a62c82f3d27c',
+		'org.briarproject:onionwrapper-core:0.1.0:onionwrapper-core-0.1.0.jar:3e6631771b891c959403f6145de034c6f9816e7d067808d534f954eef9a1ca35',
+		'org.briarproject:onionwrapper-java:0.1.0:onionwrapper-java-0.1.0.jar:c1a961c73f06d28e2a63c301d4e747398745bfc9709ade4ae3ba8818c6849fe0',
 		'org.checkerframework:checker-compat-qual:2.5.5:checker-compat-qual-2.5.5.jar:11d134b245e9cacc474514d2d66b5b8618f8039a1465cdc55bbc0b34e0008b7a',
 		'org.checkerframework:checker-qual:3.12.0:checker-qual-3.12.0.jar:ff10785ac2a357ec5de9c293cb982a2cbb605c0309ea4cc1cb9b9bc6dbe7f3cb',
 		'org.hamcrest:hamcrest-core:2.1:hamcrest-core-2.1.jar:e09109e54a289d88506b9bfec987ddd199f4217c9464132668351b9a4f00bee9',
diff --git a/briar-headless/witness.gradle b/briar-headless/witness.gradle
index 975d23451..f55f99774 100644
--- a/briar-headless/witness.gradle
+++ b/briar-headless/witness.gradle
@@ -46,11 +46,11 @@ dependencyVerification {
 		'org.briarproject:obfs4proxy-linux:0.0.14-tor2:obfs4proxy-linux-0.0.14-tor2.jar:bb2431092b5ad998ad620b0223e725c0f7e43f1b02af2f097a2544edc1fd9738',
 		'org.briarproject:obfs4proxy-macos:0.0.14-tor2:obfs4proxy-macos-0.0.14-tor2.jar:4a688d3a14d2510dd312213488c8f39ee08e609e47a7300aa12e31ceacb16ce2',
 		'org.briarproject:obfs4proxy-windows:0.0.14-tor2:obfs4proxy-windows-0.0.14-tor2.jar:b5fbd00a8c35ccf095b265370752390e4cd46055331049c4dfcc236dc9c650ac',
-		'org.briarproject:onionwrapper-core:0.0.7:onionwrapper-core-0.0.7.jar:918b5851f4a05a3bc0835bc7c81d70e598a178c79856fe5c506c261889f4b3fd',
-		'org.briarproject:onionwrapper-java:0.0.7:onionwrapper-java-0.0.7.jar:48115772d4348eab6f35e562ae648dd9d7398adb99e5429afb64a62c82f3d27c',
-		'org.briarproject:snowflake-linux:2.5.1:snowflake-linux-2.5.1.jar:edc807dcb7758365970d95525e4749349a27f462d0e2df6505ad1ca65fb296d2',
-		'org.briarproject:snowflake-macos:2.5.1:snowflake-macos-2.5.1.jar:f6d59471d476860950bb639ac318920caa460c4d6d023cbd6547c742949c84f0',
-		'org.briarproject:snowflake-windows:2.5.1:snowflake-windows-2.5.1.jar:700ec9c68dc033f544daa4ca3547c89e523aed66500cf4b3ac51fe017c51e7be',
+		'org.briarproject:onionwrapper-core:0.1.0:onionwrapper-core-0.1.0.jar:3e6631771b891c959403f6145de034c6f9816e7d067808d534f954eef9a1ca35',
+		'org.briarproject:onionwrapper-java:0.1.0:onionwrapper-java-0.1.0.jar:c1a961c73f06d28e2a63c301d4e747398745bfc9709ade4ae3ba8818c6849fe0',
+		'org.briarproject:snowflake-linux:2.9.1:snowflake-linux-2.9.1.jar:36b2f406f67a1bf3b4a6cecbba2e153ad939209cc9c22299e4161019dbae0e03',
+		'org.briarproject:snowflake-macos:2.9.1:snowflake-macos-2.9.1.jar:0344fbac47026933c416bb25ffb534c819025db5dc9f132621492f959149807b',
+		'org.briarproject:snowflake-windows:2.9.1:snowflake-windows-2.9.1.jar:54ac2f66c907bf1a256d695b7ea292851f7f8f8f960d5fb4822daa9babc182d4',
 		'org.briarproject:tor-linux:0.4.8.9-1:tor-linux-0.4.8.9-1.jar:601b7bd5f0872f9501ef438bd3ce5ed22f8a3a7b77d6f2b063852987d87ed853',
 		'org.briarproject:tor-macos:0.4.8.9-1:tor-macos-0.4.8.9-1.jar:8a01ce4c87399ae101f64249497e5406a737b55b87a79ae484ed061f3ea7387e',
 		'org.briarproject:tor-windows:0.4.8.9-1:tor-windows-0.4.8.9-1.jar:e122e632fdcd4caa3c59f50f51168ec7ae235315bc0798391ba37b60766257b3',
diff --git a/build.gradle b/build.gradle
index f791e6d21..8fa1ac92c 100644
--- a/build.gradle
+++ b/build.gradle
@@ -31,13 +31,13 @@ buildscript {
 		jackson_version = "2.13.4"
 		tor_version = "0.4.8.9-1"
 		obfs4proxy_version = "0.0.14-tor2"
-		snowflake_version = "2.5.1"
+		snowflake_version = "2.9.1"
 		jsoup_version = '1.15.3'
 		bouncy_castle_version = '1.71' // 1.72 accidentally depends on Java 7
 		junit_version = "4.13.2"
 		jmock_version = '2.12.0'
 		mockwebserver_version = '4.10.0'
-		onionwrapper_version = '0.0.7'
+		onionwrapper_version = '0.1.0'
 	}
 	dependencies {
 		// upgrading this let's us run into https://github.com/gradle/gradle/issues/20330