Add CLDR region as a dimension

All accounts now have UAKs in top-level attributes

.editorconfig

@@ -146,7 +146,7 @@ ij_java_generate_final_parameters = true
 ij_java_if_brace_force = always
 ij_java_imports_layout = $*,|,*
 ij_java_indent_case_from_switch = true
-ij_java_insert_inner_class_imports = true
+ij_java_insert_inner_class_imports = false
 ij_java_insert_override_annotation = true
 ij_java_keep_blank_lines_before_right_brace = 2
 ij_java_keep_blank_lines_between_package_declaration_and_header = 2

.github/workflows/test.yml

@@ -8,17 +8,11 @@ jobs:
 
     steps:
       - uses: actions/checkout@v2
-      - name: Set up JDK 11
-        uses: actions/setup-java@v2
+      - name: Set up JDK 17
+        uses: actions/setup-java@3bc31aaf88e8fc94dc1e632d48af61be5ca8721c
         with:
-          distribution: 'adopt'
-          java-version: 11
-      - name: Cache local Maven repository
-        uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          distribution: 'temurin'
+          java-version: 17
+          cache: 'maven'
       - name: Build with Maven
         run: mvn -e -B verify

.gitignore

@@ -9,12 +9,20 @@ config/production.yml
 config/federated.yml
 config/staging.yml
 config/testing.yml
-service/config/production.yml
-service/config/federated.yml
-service/config/staging.yml
-service/config/testing.yml
+config/deploy.properties
+/service/config/production.yml
+/service/config/federated.yml
+/service/config/staging.yml
+/service/config/testing.yml
+/service/config/deploy.properties
+/service/dependency-reduced-pom.xml
 .opsmanage
 put.sh
 deployer-staging.properties
 deployer-production.properties
 deployer.log
+/service/src/main/resources/org/signal/badges/Badges_*.properties
+!/service/src/main/resources/org/signal/badges/Badges_en.properties
+/service/src/main/resources/org/signal/subscriptions/Subscriptions_*.properties
+!/service/src/main/resources/org/signal/subscriptions/Subscriptions_en.properties
+/.tx/config

.gitmodules

@@ -0,0 +1,11 @@
+# Note that the implementation of the abusive message filter is private; internal
+# developers will need to override this URL with:
+#
+# ```
+# git config submodule.abusive-message-filter.url PRIVATE_URL
+# ```
+#
+# External developers may safely ignore this submodule.
+[submodule "abusive-message-filter"]
+	path = abusive-message-filter
+	url = REDACTED

.mvn/extensions.xml

@@ -0,0 +1,9 @@
+<extensions xmlns="http://maven.apache.org/EXTENSIONS/1.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/EXTENSIONS/1.0.0 http://maven.apache.org/xsd/core-extensions-1.0.0.xsd">
+  <extension>
+    <groupId>fr.brouillard.oss</groupId>
+    <artifactId>jgitver-maven-plugin</artifactId>
+    <version>1.7.1</version>
+  </extension>
+</extensions>

.mvn/jgitver.config.xml

@@ -0,0 +1,14 @@
+<configuration xmlns="http://jgitver.github.io/maven/configuration/1.1.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://jgitver.github.io/maven/configuration/1.1.0 https://jgitver.github.io/maven/configuration/jgitver-configuration-v1_1_0.xsd">
+  <useDirty>true</useDirty>
+  <useDefaultBranchingPolicy>false</useDefaultBranchingPolicy>
+  <branchPolicies>
+    <branchPolicy>
+      <pattern>(.*)</pattern>
+      <transformations>
+        <transformation>IGNORE</transformation>
+      </transformations>
+    </branchPolicy>
+  </branchPolicies>
+</configuration>

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   https://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.5/apache-maven-3.8.5-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar

LICENSE

@@ -615,3 +615,47 @@ reviewing courts shall apply local law that most closely approximates
 an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

README.md

@@ -13,7 +13,7 @@ Cryptography Notice
 
 This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software.
 BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.
-See <http://www.wassenaar.org/> for more information.
+See <https://www.wassenaar.org/> for more information.
 
 The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms.
 The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
@@ -21,6 +21,6 @@ The form and manner of this distribution makes it eligible for export under the
 License
 ---------------------
 
-Copyright 2013-2021 Signal Messenger, LLC
+Copyright 2013-2022 Signal Messenger, LLC
 
 Licensed under the AGPLv3: https://www.gnu.org/licenses/agpl-3.0.html

gcm-sender-async/pom.xml

@@ -1,50 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <parent>
-    <artifactId>TextSecureServer</artifactId>
-    <groupId>org.whispersystems.textsecure</groupId>
-    <version>1.0</version>
-  </parent>
-  <modelVersion>4.0.0</modelVersion>
-
-  <artifactId>gcm-sender-async</artifactId>
-  <version>${TextSecureServer.version}</version>
-
-  <dependencies>
-    <dependency>
-      <groupId>io.github.resilience4j</groupId>
-      <artifactId>resilience4j-retry</artifactId>
-      <version>${resilience4j.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>com.fasterxml.jackson.core</groupId>
-      <artifactId>jackson-core</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.fasterxml.jackson.core</groupId>
-      <artifactId>jackson-annotations</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.fasterxml.jackson.core</groupId>
-      <artifactId>jackson-databind</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.google.guava</groupId>
-      <artifactId>guava</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.httpcomponents</groupId>
-      <artifactId>httpclient</artifactId>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <scope>test</scope>
-    </dependency>
-  </dependencies>
-
-</project>
-

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/AuthenticationFailedException.java

@@ -1,9 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-
-public class AuthenticationFailedException extends Exception {
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/InvalidRequestException.java

@@ -1,9 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-
-public class InvalidRequestException extends Exception {
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/Message.java

@@ -1,144 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import org.whispersystems.gcm.server.internal.GcmRequestEntity;
-
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-public class Message {
-
-  private static final ObjectMapper objectMapper = new ObjectMapper();
-
-  private final String              collapseKey;
-  private final Long                ttl;
-  private final Boolean             delayWhileIdle;
-  private final Map<String, String> data;
-  private final List<String>        registrationIds;
-  private final String              priority;
-
-  private Message(String collapseKey, Long ttl, Boolean delayWhileIdle,
-                  Map<String, String> data, List<String> registrationIds,
-                  String priority)
-  {
-    this.collapseKey     = collapseKey;
-    this.ttl             = ttl;
-    this.delayWhileIdle  = delayWhileIdle;
-    this.data            = data;
-    this.registrationIds = registrationIds;
-    this.priority        = priority;
-  }
-
-  public String serialize() throws JsonProcessingException {
-    GcmRequestEntity requestEntity = new GcmRequestEntity(collapseKey, ttl, delayWhileIdle,
-                                                          data, registrationIds, priority);
-
-    return objectMapper.writeValueAsString(requestEntity);
-  }
-
-  /**
-   * Construct a new Message using a Builder.
-   * @return A new Builder.
-   */
-  public static Builder newBuilder() {
-    return new Builder();
-  }
-
-  public static class Builder {
-
-    private String              collapseKey     = null;
-    private Long                ttl             = null;
-    private Boolean             delayWhileIdle  = null;
-    private Map<String, String> data            = null;
-    private List<String>        registrationIds = new LinkedList<>();
-    private String              priority        = null;
-
-    private Builder() {}
-
-    /**
-     * @param collapseKey The GCM collapse key to use (optional).
-     * @return The Builder.
-     */
-    public Builder withCollapseKey(String collapseKey) {
-      this.collapseKey = collapseKey;
-      return this;
-    }
-
-    /**
-     * @param seconds The TTL (in seconds) for this message (optional).
-     * @return The Builder.
-     */
-    public Builder withTtl(long seconds) {
-      this.ttl = seconds;
-      return this;
-    }
-
-    /**
-     * @param delayWhileIdle Set GCM delay_while_idle (optional).
-     * @return The Builder.
-     */
-    public Builder withDelayWhileIdle(boolean delayWhileIdle) {
-      this.delayWhileIdle = delayWhileIdle;
-      return this;
-    }
-
-    /**
-     * Set a key in the GCM JSON payload delivered to the application (optional).
-     * @param key The key to set.
-     * @param value The value to set.
-     * @return The Builder.
-     */
-    public Builder withDataPart(String key, String value) {
-      if (data == null) {
-        data = new HashMap<>();
-      }
-      data.put(key, value);
-      return this;
-    }
-
-    /**
-     * Set the destination GCM registration ID (mandatory).
-     * @param registrationId The destination GCM registration ID.
-     * @return The Builder.
-     */
-    public Builder withDestination(String registrationId) {
-      this.registrationIds.clear();
-      this.registrationIds.add(registrationId);
-      return this;
-    }
-
-    /**
-     * Set the GCM message priority (optional).
-     *
-     * @param priority Valid values are "normal" and "high."
-     *                 On iOS, these correspond to APNs priority 5 and 10.
-     * @return The Builder.
-     */
-    public Builder withPriority(String priority) {
-      this.priority = priority;
-      return this;
-    }
-
-    /**
-     * Construct a message object.
-     *
-     * @return An immutable message object, as configured by this builder.
-     */
-    public Message build() {
-      if (registrationIds.isEmpty()) {
-        throw new IllegalArgumentException("You must specify a destination!");
-      }
-
-      return new Message(collapseKey, ttl, delayWhileIdle, data, registrationIds, priority);
-    }
-  }
-
-
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/Result.java

@@ -1,80 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-/**
- * The result of a GCM send operation.
- */
-public class Result {
-
-  private final String canonicalRegistrationId;
-  private final String messageId;
-  private final String error;
-
-  Result(String canonicalRegistrationId, String messageId, String error) {
-    this.canonicalRegistrationId = canonicalRegistrationId;
-    this.messageId               = messageId;
-    this.error                   = error;
-  }
-
-  /**
-   * Returns the "canonical" GCM registration ID for this destination.
-   * See GCM documentation for details.
-   * @return The canonical GCM registration ID.
-   */
-  public String getCanonicalRegistrationId() {
-    return canonicalRegistrationId;
-  }
-
-  /**
-   * @return If a "canonical" GCM registration ID is present in the response.
-   */
-  public boolean hasCanonicalRegistrationId() {
-    return canonicalRegistrationId != null && !canonicalRegistrationId.isEmpty();
-  }
-
-  /**
-   * @return The assigned GCM message ID, if successful.
-   */
-  public String getMessageId() {
-    return messageId;
-  }
-
-  /**
-   * @return The raw error string, if present.
-   */
-  public String getError() {
-    return error;
-  }
-
-  /**
-   * @return If the send was a success.
-   */
-  public boolean isSuccess() {
-    return messageId != null && !messageId.isEmpty() && (error == null || error.isEmpty());
-  }
-
-  /**
-   * @return If the destination GCM registration ID is no longer registered.
-   */
-  public boolean isUnregistered() {
-    return "NotRegistered".equals(error);
-  }
-
-  /**
-   * @return If messages to this device are being throttled.
-   */
-  public boolean isThrottled() {
-    return "DeviceMessageRateExceeded".equals(error);
-  }
-
-  /**
-   * @return If the destination GCM registration ID is invalid.
-   */
-  public boolean isInvalidRegistrationId() {
-    return "InvalidRegistration".equals(error);
-  }
-
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/Sender.java

@@ -1,154 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.annotations.VisibleForTesting;
-import io.github.resilience4j.retry.IntervalFunction;
-import io.github.resilience4j.retry.Retry;
-import io.github.resilience4j.retry.RetryConfig;
-import org.whispersystems.gcm.server.internal.GcmResponseEntity;
-import org.whispersystems.gcm.server.internal.GcmResponseListEntity;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.http.HttpClient;
-import java.net.http.HttpRequest;
-import java.net.http.HttpResponse.BodyHandlers;
-import java.security.SecureRandom;
-import java.time.Duration;
-import java.util.List;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.CompletionException;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeoutException;
-
-/**
- * The main interface to sending GCM messages.  Thread safe.
- *
- * @author Moxie Marlinspike
- */
-public class Sender {
-
-  private static final String PRODUCTION_URL = "https://fcm.googleapis.com/fcm/send";
-
-  private final String                   authorizationHeader;
-  private final URI                      uri;
-  private final Retry                    retry;
-  private final ObjectMapper             mapper;
-  private final ScheduledExecutorService executorService;
-
-  private final HttpClient[] clients = new HttpClient[10];
-  private final SecureRandom random  = new SecureRandom();
-
-  /**
-   * Construct a Sender instance.
-   *
-   * @param apiKey Your application's GCM API key.
-   */
-  public Sender(String apiKey, ObjectMapper mapper) {
-    this(apiKey, mapper, 10);
-  }
-
-  /**
-   * Construct a Sender instance with a specified retry count.
-   *
-   * @param apiKey Your application's GCM API key.
-   * @param retryCount The number of retries to attempt on a network error or 500 response.
-   */
-  public Sender(String apiKey, ObjectMapper mapper, int retryCount) {
-    this(apiKey, mapper, retryCount, PRODUCTION_URL);
-  }
-
-  @VisibleForTesting
-  public Sender(String apiKey, ObjectMapper mapper, int retryCount, String url) {
-    this.mapper              = mapper;
-    this.executorService     = Executors.newSingleThreadScheduledExecutor();
-    this.uri                 = URI.create(url);
-    this.authorizationHeader = String.format("key=%s", apiKey);
-    this.retry               = Retry.of("fcm-sender", RetryConfig.custom()
-                                                                       .maxAttempts(retryCount)
-                                                                       .intervalFunction(IntervalFunction.ofExponentialRandomBackoff(Duration.ofMillis(100), 2.0))
-                                                                       .retryOnException(this::isRetryableException)
-                                                                       .build());
-
-    for (int i=0;i<clients.length;i++) {
-      this.clients[i] = HttpClient.newBuilder()
-                                  .version(HttpClient.Version.HTTP_2)
-                                  .connectTimeout(Duration.ofSeconds(10))
-                                  .build();
-    }
-  }
-
-  private boolean isRetryableException(Throwable throwable) {
-    while (throwable instanceof  CompletionException) {
-      throwable = throwable.getCause();
-    }
-
-    return throwable instanceof ServerFailedException ||
-           throwable instanceof  TimeoutException     ||
-           throwable instanceof  IOException;
-  }
-
-  /**
-   * Asynchronously send a message.
-   *
-   * @param message The message to send.
-   * @return A future.
-   */
-  public CompletableFuture<Result> send(Message message) {
-    try {
-      HttpRequest request = HttpRequest.newBuilder()
-                                       .uri(uri)
-                                       .header("Authorization", authorizationHeader)
-                                       .header("Content-Type", "application/json")
-                                       .POST(HttpRequest.BodyPublishers.ofString(message.serialize()))
-                                       .timeout(Duration.ofSeconds(10))
-                                       .build();
-
-      return retry.executeCompletionStage(executorService,
-                                          () -> getClient().sendAsync(request, BodyHandlers.ofByteArray())
-                                                      .thenApply(response -> {
-                                                        switch (response.statusCode()) {
-                                                          case 400: throw new CompletionException(new InvalidRequestException());
-                                                          case 401: throw new CompletionException(new AuthenticationFailedException());
-                                                          case 204:
-                                                          case 200: return response.body();
-                                                          default:  throw new CompletionException(new ServerFailedException("Bad status: " + response.statusCode()));
-                                                        }
-                                                      })
-                                                      .thenApply(responseBytes -> {
-                                                        try {
-                                                          List<GcmResponseEntity> responseList = mapper.readValue(responseBytes, GcmResponseListEntity.class).getResults();
-
-                                                          if (responseList == null || responseList.size() == 0) {
-                                                            throw new CompletionException(new IOException("Empty response list!"));
-                                                          }
-
-                                                          GcmResponseEntity responseEntity = responseList.get(0);
-
-                                                          return new Result(responseEntity.getCanonicalRegistrationId(),
-                                                                            responseEntity.getMessageId(),
-                                                                            responseEntity.getError());
-                                                        } catch (IOException e) {
-                                                          throw new CompletionException(e);
-                                                        }
-                                                      })).toCompletableFuture();
-    } catch (JsonProcessingException e) {
-      return CompletableFuture.failedFuture(e);
-    }
-  }
-
-  public Retry getRetry() {
-    return retry;
-  }
-
-  private HttpClient getClient() {
-    return clients[random.nextInt(clients.length)];
-  }
-
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/ServerFailedException.java

@@ -1,15 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-public class ServerFailedException extends Exception {
-  public ServerFailedException(String message) {
-    super(message);
-  }
-
-  public ServerFailedException(Exception e) {
-    super(e);
-  }
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/internal/GcmRequestEntity.java

@@ -1,46 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server.internal;
-
-
-import com.fasterxml.jackson.annotation.JsonInclude;
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import java.util.List;
-import java.util.Map;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-public class GcmRequestEntity {
-
-  @JsonProperty(value = "collapse_key")
-  private String collapseKey;
-
-  @JsonProperty(value = "time_to_live")
-  private Long ttl;
-
-  @JsonProperty(value = "delay_while_idle")
-  private Boolean delayWhileIdle;
-
-  @JsonProperty(value = "data")
-  private Map<String, String> data;
-
-  @JsonProperty(value = "registration_ids")
-  private List<String> registrationIds;
-
-  @JsonProperty
-  private String priority;
-
-  public GcmRequestEntity(String collapseKey, Long ttl, Boolean delayWhileIdle,
-                          Map<String, String> data, List<String> registrationIds,
-                          String priority)
-  {
-    this.collapseKey     = collapseKey;
-    this.ttl             = ttl;
-    this.delayWhileIdle  = delayWhileIdle;
-    this.data            = data;
-    this.registrationIds = registrationIds;
-    this.priority        = priority;
-  }
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/internal/GcmResponseEntity.java

@@ -1,31 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server.internal;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-public class GcmResponseEntity {
-
-  @JsonProperty(value = "message_id")
-  private String messageId;
-
-  @JsonProperty(value = "registration_id")
-  private String canonicalRegistrationId;
-
-  @JsonProperty
-  private String error;
-
-  public String getMessageId() {
-    return messageId;
-  }
-
-  public String getCanonicalRegistrationId() {
-    return canonicalRegistrationId;
-  }
-
-  public String getError() {
-    return error;
-  }
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/internal/GcmResponseListEntity.java

@@ -1,19 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server.internal;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import java.util.List;
-
-public class GcmResponseListEntity {
-
-  @JsonProperty
-  private List<GcmResponseEntity> results;
-
-  public List<GcmResponseEntity> getResults() {
-    return results;
-  }
-}

gcm-sender-async/src/test/java/org/whispersystems/gcm/server/MessageTest.java

@@ -1,49 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-import org.junit.Test;
-
-import java.io.IOException;
-
-import static org.junit.Assert.assertEquals;
-import static org.whispersystems.gcm.server.util.JsonHelpers.jsonFixture;
-
-public class MessageTest {
-
-  @Test
-  public void testMinimal() throws IOException {
-    Message message = Message.newBuilder()
-                             .withDestination("1")
-                             .build();
-
-    assertEquals(message.serialize(), jsonFixture("fixtures/message-minimal.json"));
-  }
-
-  @Test
-  public void testComplete() throws IOException {
-    Message message = Message.newBuilder()
-                             .withDestination("1")
-                             .withCollapseKey("collapse")
-                             .withDelayWhileIdle(true)
-                             .withTtl(10)
-                             .withPriority("high")
-                             .build();
-
-    assertEquals(message.serialize(), jsonFixture("fixtures/message-complete.json"));
-  }
-
-  @Test
-  public void testWithData() throws IOException {
-    Message message = Message.newBuilder()
-                             .withDestination("2")
-                             .withDataPart("key1", "value1")
-                             .withDataPart("key2", "value2")
-                             .build();
-
-    assertEquals(message.serialize(), jsonFixture("fixtures/message-data.json"));
-  }
-
-}

gcm-sender-async/src/test/java/org/whispersystems/gcm/server/SenderTest.java

@@ -1,200 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
-import static com.github.tomakehurst.wiremock.client.WireMock.any;
-import static com.github.tomakehurst.wiremock.client.WireMock.anyRequestedFor;
-import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
-import static com.github.tomakehurst.wiremock.client.WireMock.equalTo;
-import static com.github.tomakehurst.wiremock.client.WireMock.ok;
-import static com.github.tomakehurst.wiremock.client.WireMock.postRequestedFor;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
-import static com.github.tomakehurst.wiremock.client.WireMock.verify;
-import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-import static org.whispersystems.gcm.server.util.FixtureHelpers.fixture;
-import static org.whispersystems.gcm.server.util.JsonHelpers.jsonFixture;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.PropertyAccessor;
-import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.github.tomakehurst.wiremock.client.CountMatchingStrategy;
-import com.github.tomakehurst.wiremock.junit.WireMockRule;
-import java.io.IOException;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.TimeoutException;
-import org.junit.Rule;
-import org.junit.Test;
-
-public class SenderTest {
-
-  @Rule
-  public WireMockRule wireMock = new WireMockRule(options().dynamicPort().dynamicHttpsPort());
-
-  private static final ObjectMapper mapper = new ObjectMapper();
-
-  static {
-    mapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.NONE);
-    mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
-    mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-  }
-
-  @Test
-  public void testSuccess() throws InterruptedException, ExecutionException, TimeoutException, IOException {
-    wireMock.stubFor(any(anyUrl())
-        .willReturn(aResponse()
-            .withStatus(200)
-            .withBody(fixture("fixtures/response-success.json"))));
-
-
-    Sender                    sender = new Sender("foobarbaz", mapper, 10, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    Result result = future.get(10, TimeUnit.SECONDS);
-
-    assertTrue(result.isSuccess());
-    assertFalse(result.isThrottled());
-    assertFalse(result.isUnregistered());
-    assertEquals(result.getMessageId(), "1:08");
-    assertNull(result.getError());
-    assertNull(result.getCanonicalRegistrationId());
-
-    verify(1, postRequestedFor(urlEqualTo("/gcm/send"))
-        .withHeader("Authorization", equalTo("key=foobarbaz"))
-        .withHeader("Content-Type", equalTo("application/json"))
-        .withRequestBody(equalTo(jsonFixture("fixtures/message-minimal.json"))));
-  }
-
-  @Test
-  public void testBadApiKey() throws InterruptedException, TimeoutException {
-    wireMock.stubFor(any(anyUrl())
-        .willReturn(aResponse()
-            .withStatus(401)));
-
-    Sender                    sender = new Sender("foobar", mapper, 10, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    try {
-      future.get(10, TimeUnit.SECONDS);
-      throw new AssertionError();
-    } catch (ExecutionException ee) {
-      assertTrue(ee.getCause() instanceof AuthenticationFailedException);
-    }
-
-    verify(1, anyRequestedFor(anyUrl()));
-  }
-
-  @Test
-  public void testBadRequest() throws TimeoutException, InterruptedException {
-    wireMock.stubFor(any(anyUrl())
-        .willReturn(aResponse()
-            .withStatus(400)));
-
-    Sender                    sender = new Sender("foobarbaz", mapper, 10, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    try {
-      future.get(10, TimeUnit.SECONDS);
-      throw new AssertionError();
-    } catch (ExecutionException e) {
-      assertTrue(e.getCause() instanceof InvalidRequestException);
-    }
-
-    verify(1, anyRequestedFor(anyUrl()));
-  }
-
-  @Test
-  public void testServerError() throws TimeoutException, InterruptedException {
-    wireMock.stubFor(any(anyUrl())
-        .willReturn(aResponse()
-            .withStatus(503)));
-
-    Sender                    sender = new Sender("foobarbaz", mapper, 3, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    try {
-      future.get(10, TimeUnit.SECONDS);
-      throw new AssertionError();
-    } catch (ExecutionException ee) {
-      assertTrue(ee.getCause() instanceof ServerFailedException);
-    }
-
-    verify(3, anyRequestedFor(anyUrl()));
-  }
-
-  @Test
-  public void testServerErrorRecovery() throws InterruptedException, ExecutionException, TimeoutException {
-
-    wireMock.stubFor(any(anyUrl()).willReturn(aResponse().withStatus(503)));
-
-    Sender                    sender = new Sender("foobarbaz", mapper, 4, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    // up to three failures can happen, with 100ms exponential backoff
-    // if we end up using the fourth, and finaly try, it would be after ~700 ms
-    CompletableFuture.delayedExecutor(300, TimeUnit.MILLISECONDS).execute(() ->
-        wireMock.stubFor(any(anyUrl())
-            .willReturn(aResponse()
-                .withStatus(200)
-                .withBody(fixture("fixtures/response-success.json"))))
-    );
-
-    Result result = future.get(10, TimeUnit.SECONDS);
-
-    verify(new CountMatchingStrategy(CountMatchingStrategy.GREATER_THAN, 1), anyRequestedFor(anyUrl()));
-    assertTrue(result.isSuccess());
-    assertFalse(result.isThrottled());
-    assertFalse(result.isUnregistered());
-    assertEquals(result.getMessageId(), "1:08");
-    assertNull(result.getError());
-    assertNull(result.getCanonicalRegistrationId());
-  }
-
-  @Test
-  public void testNetworkError() throws TimeoutException, InterruptedException {
-
-    wireMock.stubFor(any(anyUrl())
-        .willReturn(ok()));
-
-    Sender sender = new Sender("foobarbaz", mapper ,2, "http://localhost:" + wireMock.port() + "/gcm/send");
-
-    wireMock.stop();
-
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    try {
-      future.get(10, TimeUnit.SECONDS);
-    } catch (ExecutionException e) {
-      assertTrue(e.getCause() instanceof IOException);
-    }
-  }
-
-  @Test
-  public void testNotRegistered() throws InterruptedException, ExecutionException, TimeoutException {
-
-    wireMock.stubFor(any(anyUrl()).willReturn(aResponse().withStatus(200)
-        .withBody(fixture("fixtures/response-not-registered.json"))));
-
-    Sender                    sender = new Sender("foobarbaz", mapper,2, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder()
-                                                         .withDestination("2")
-                                                         .withDataPart("message", "new message!")
-                                                         .build());
-
-    Result result = future.get(10, TimeUnit.SECONDS);
-
-    assertFalse(result.isSuccess());
-    assertTrue(result.isUnregistered());
-    assertFalse(result.isThrottled());
-    assertEquals(result.getError(), "NotRegistered");
-  }
-}

gcm-sender-async/src/test/java/org/whispersystems/gcm/server/SimultaneousSenderTest.java

@@ -1,89 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
-import static com.github.tomakehurst.wiremock.client.WireMock.post;
-import static com.github.tomakehurst.wiremock.client.WireMock.stubFor;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlPathEqualTo;
-import static junit.framework.TestCase.assertTrue;
-import static org.whispersystems.gcm.server.util.FixtureHelpers.fixture;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.PropertyAccessor;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
-import com.github.tomakehurst.wiremock.junit.WireMockRule;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.TimeoutException;
-import org.junit.Ignore;
-import org.junit.Rule;
-import org.junit.Test;
-
-public class SimultaneousSenderTest {
-
-  @Rule
-  public WireMockRule wireMock = new WireMockRule(WireMockConfiguration.options().dynamicPort().dynamicHttpsPort());
-
-  private static final ObjectMapper mapper = new ObjectMapper();
-
-  static {
-    mapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.NONE);
-    mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
-    mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-  }
-
-  @Test
-  public void testSimultaneousSuccess() throws TimeoutException, InterruptedException, ExecutionException, JsonProcessingException {
-    stubFor(post(urlPathEqualTo("/gcm/send"))
-                .willReturn(aResponse()
-                                .withStatus(200)
-                                .withBody(fixture("fixtures/response-success.json"))));
-
-    Sender                          sender  = new Sender("foobarbaz", mapper, 2, "http://localhost:" + wireMock.port() + "/gcm/send");
-    List<CompletableFuture<Result>> results = new LinkedList<>();
-
-    for (int i=0;i<1000;i++) {
-      results.add(sender.send(Message.newBuilder().withDestination("1").build()));
-    }
-
-    for (CompletableFuture<Result> future : results) {
-      Result result = future.get(60, TimeUnit.SECONDS);
-
-      if (!result.isSuccess()) {
-        throw new AssertionError(result.getError());
-      }
-    }
-  }
-
-  @Test
-  @Ignore
-  public void testSimultaneousFailure() throws TimeoutException, InterruptedException {
-    stubFor(post(urlPathEqualTo("/gcm/send"))
-                .willReturn(aResponse()
-                                .withStatus(503)));
-
-    Sender                         sender   = new Sender("foobarbaz", mapper, 2, "http://localhost:" + wireMock.port() + "/gcm/send");
-    List<CompletableFuture<Result>> futures = new LinkedList<>();
-
-    for (int i=0;i<1000;i++) {
-      futures.add(sender.send(Message.newBuilder().withDestination("1").build()));
-    }
-
-    for (CompletableFuture<Result> future : futures) {
-      try {
-        Result result = future.get(60, TimeUnit.SECONDS);
-      } catch (ExecutionException e) {
-        assertTrue(e.getCause().toString(), e.getCause() instanceof ServerFailedException);
-      }
-    }
-  }
-}

gcm-sender-async/src/test/java/org/whispersystems/gcm/server/util/FixtureHelpers.java

@@ -1,47 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server.util;
-
-import com.google.common.base.Charsets;
-import com.google.common.io.Resources;
-
-import java.io.IOException;
-import java.nio.charset.Charset;
-
-/**
- * A set of helper method for fixture files.
- */
-public class FixtureHelpers {
-  private FixtureHelpers() { /* singleton */ }
-
-  /**
-   * Reads the given fixture file from the classpath (e. g. {@code src/test/resources})
-   * and returns its contents as a UTF-8 string.
-   *
-   * @param filename the filename of the fixture file
-   * @return the contents of {@code src/test/resources/{filename}}
-   * @throws IllegalArgumentException if an I/O error occurs.
-   */
-  public static String fixture(String filename) {
-    return fixture(filename, Charsets.UTF_8);
-  }
-
-  /**
-   * Reads the given fixture file from the classpath (e. g. {@code src/test/resources})
-   * and returns its contents as a string.
-   *
-   * @param filename the filename of the fixture file
-   * @param charset  the character set of {@code filename}
-   * @return the contents of {@code src/test/resources/{filename}}
-   * @throws IllegalArgumentException if an I/O error occurs.
-   */
-  private static String fixture(String filename, Charset charset) {
-    try {
-      return Resources.toString(Resources.getResource(filename), charset).trim();
-    } catch (IOException e) {
-      throw new IllegalArgumentException(e);
-    }
-  }
-}

gcm-sender-async/src/test/java/org/whispersystems/gcm/server/util/JsonHelpers.java

@@ -1,30 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server.util;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-import java.io.IOException;
-
-import static org.whispersystems.gcm.server.util.FixtureHelpers.fixture;
-
-public class JsonHelpers {
-
-  private static final ObjectMapper objectMapper = new ObjectMapper();
-
-  public static String asJson(Object object) throws JsonProcessingException {
-    return objectMapper.writeValueAsString(object);
-  }
-
-  public static <T> T fromJson(String value, Class<T> clazz) throws IOException {
-    return objectMapper.readValue(value, clazz);
-  }
-
-  public static String jsonFixture(String filename) throws IOException {
-    return objectMapper.writeValueAsString(objectMapper.readValue(fixture(filename), JsonNode.class));
-  }
-}

gcm-sender-async/src/test/resources/fixtures/message-complete.json

@@ -1,7 +0,0 @@
-{
-  "priority" : "high",
-  "collapse_key" : "collapse",
-  "time_to_live" : 10,
-  "delay_while_idle" : true,
-  "registration_ids" : ["1"]
-}

gcm-sender-async/src/test/resources/fixtures/message-data.json

@@ -1,7 +0,0 @@
-{
-  "data" : {
-    "key1" : "value1",
-    "key2" : "value2"
-  },
-  "registration_ids" : ["2"]
-}

gcm-sender-async/src/test/resources/fixtures/message-minimal.json

@@ -1,3 +0,0 @@
-{
-  "registration_ids" : ["1"]
-}

gcm-sender-async/src/test/resources/fixtures/response-not-registered.json

@@ -1,8 +0,0 @@
-{ "multicast_id": 216,
-  "success": 0,
-  "failure": 1,
-  "canonical_ids": 0,
-  "results": [
-    { "error": "NotRegistered"}
-  ]
-}

gcm-sender-async/src/test/resources/fixtures/response-success.json

@@ -1,8 +0,0 @@
-{ "multicast_id": 108,
-  "success": 1,
-  "failure": 0,
-  "canonical_ids": 0,
-  "results": [
-    { "message_id": "1:08" }
-  ]
-}

gcm-sender-async/src/test/resources/logback-test.xml

@@ -1,8 +0,0 @@
-<configuration>
-  <!-- Turning down the wiremock logging -->
-  <logger name="com.github.tomakehurst.wiremock" level="WARN"/>
-  <logger name="wiremock.org" level="ERROR"/>
-  <logger name="WireMock" level="WARN"/>
-  <!-- wiremock has per endpoint servlet logging -->
-  <logger name="/" level="WARN"/>
-</configuration>

mvnw

@@ -0,0 +1,316 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+#   JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+#   M2_HOME - location of maven2's installed home dir
+#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
+#     e.g. to debug Maven itself, use
+#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+  if [ -f /usr/local/etc/mavenrc ] ; then
+    . /usr/local/etc/mavenrc
+  fi
+
+  if [ -f /etc/mavenrc ] ; then
+    . /etc/mavenrc
+  fi
+
+  if [ -f "$HOME/.mavenrc" ] ; then
+    . "$HOME/.mavenrc"
+  fi
+
+fi
+
+# OS specific support.  $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+  CYGWIN*) cygwin=true ;;
+  MINGW*) mingw=true;;
+  Darwin*) darwin=true
+    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+    if [ -z "$JAVA_HOME" ]; then
+      if [ -x "/usr/libexec/java_home" ]; then
+        export JAVA_HOME="`/usr/libexec/java_home`"
+      else
+        export JAVA_HOME="/Library/Java/Home"
+      fi
+    fi
+    ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=`java-config --jre-home`
+  fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+  ## resolve links - $0 may be a link to maven's home
+  PRG="$0"
+
+  # need this for relative symlinks
+  while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+      PRG="$link"
+    else
+      PRG="`dirname "$PRG"`/$link"
+    fi
+  done
+
+  saveddir=`pwd`
+
+  M2_HOME=`dirname "$PRG"`/..
+
+  # make it fully qualified
+  M2_HOME=`cd "$M2_HOME" && pwd`
+
+  cd "$saveddir"
+  # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --unix "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Mingw, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME="`(cd "$M2_HOME"; pwd)`"
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="`which javac`"
+  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=`which readlink`
+    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+      if $darwin ; then
+        javaHome="`dirname \"$javaExecutable\"`"
+        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+      else
+        javaExecutable="`readlink -f \"$javaExecutable\"`"
+      fi
+      javaHome="`dirname \"$javaExecutable\"`"
+      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+      # IBM's JDK on AIX uses strange locations for the executables
+      JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+      JAVACMD="$JAVA_HOME/bin/java"
+    fi
+  else
+    JAVACMD="`\\unset -f command; \\command -v java`"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+
+  if [ -z "$1" ]
+  then
+    echo "Path not specified to find_maven_basedir"
+    return 1
+  fi
+
+  basedir="$1"
+  wdir="$1"
+  while [ "$wdir" != '/' ] ; do
+    if [ -d "$wdir"/.mvn ] ; then
+      basedir=$wdir
+      break
+    fi
+    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+    if [ -d "${wdir}" ]; then
+      wdir=`cd "$wdir/.."; pwd`
+    fi
+    # end of workaround
+  done
+  echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+  if [ -f "$1" ]; then
+    echo "$(tr -s '\n' ' ' < "$1")"
+  fi
+}
+
+BASE_DIR=`find_maven_basedir "$(pwd)"`
+if [ -z "$BASE_DIR" ]; then
+  exit 1;
+fi
+
+##########################################################################################
+# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+# This allows using the maven wrapper in projects that prohibit checking in binary data.
+##########################################################################################
+if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Found .mvn/wrapper/maven-wrapper.jar"
+    fi
+else
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
+    fi
+    if [ -n "$MVNW_REPOURL" ]; then
+      jarUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    else
+      jarUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    fi
+    while IFS="=" read key value; do
+      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
+      esac
+    done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Downloading from: $jarUrl"
+    fi
+    wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
+    if $cygwin; then
+      wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
+    fi
+
+    if command -v wget > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found wget ... using wget"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+        else
+            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+        fi
+    elif command -v curl > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found curl ... using curl"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            curl -o "$wrapperJarPath" "$jarUrl" -f
+        else
+            curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
+        fi
+
+    else
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Falling back to using Java to download"
+        fi
+        javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
+        # For Cygwin, switch paths to Windows format before running javac
+        if $cygwin; then
+          javaClass=`cygpath --path --windows "$javaClass"`
+        fi
+        if [ -e "$javaClass" ]; then
+            if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Compiling MavenWrapperDownloader.java ..."
+                fi
+                # Compiling the Java class
+                ("$JAVA_HOME/bin/javac" "$javaClass")
+            fi
+            if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                # Running the downloader
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Running MavenWrapperDownloader.java ..."
+                fi
+                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
+            fi
+        fi
+    fi
+fi
+##########################################################################################
+# End of extension
+##########################################################################################
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
+if [ "$MVNW_VERBOSE" = true ]; then
+  echo $MAVEN_PROJECTBASEDIR
+fi
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --path --windows "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+fi
+
+# Provide a "standardized" way to retrieve the CLI args that will
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+  $MAVEN_OPTS \
+  $MAVEN_DEBUG_OPTS \
+  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+  "-Dmaven.home=${M2_HOME}" \
+  "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"

mvnw.cmd

@@ -0,0 +1,188 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
+if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Found %WRAPPER_JAR%
+    )
+) else (
+    if not "%MVNW_REPOURL%" == "" (
+        SET DOWNLOAD_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    )
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Couldn't find %WRAPPER_JAR%, downloading it ...
+        echo Downloading from: %DOWNLOAD_URL%
+    )
+
+    powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
+		"}"
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Finished downloading %WRAPPER_JAR%
+    )
+)
+@REM End of extension
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% ^
+  %JVM_CONFIG_MAVEN_PROPS% ^
+  %MAVEN_OPTS% ^
+  %MAVEN_DEBUG_OPTS% ^
+  -classpath %WRAPPER_JAR% ^
+  "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
+  %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
+if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%"=="on" pause
+
+if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%
+
+cmd /C exit /B %ERROR_CODE%

pom.xml

@@ -4,9 +4,6 @@
   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <packaging>pom</packaging>
-  <prerequisites>
-    <maven>3.0.0</maven>
-  </prerequisites>
 
   <repositories>
     <repository>
@@ -24,32 +21,69 @@
     </repository>
   </repositories>
 
+  <pluginRepositories>
+    <pluginRepository>
+      <id>ossrh-snapshots</id>
+      <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+      <releases>
+        <enabled>false</enabled>
+      </releases>
+      <snapshots>
+        <enabled>true</enabled>
+      </snapshots>
+    </pluginRepository>
+  </pluginRepositories>
+
   <modules>
     <module>redis-dispatch</module>
     <module>websocket-resources</module>
-    <module>gcm-sender-async</module>
     <module>service</module>
   </modules>
 
   <properties>
-    <dropwizard.version>2.0.21</dropwizard.version>
-    <aws.sdk.version>1.11.939</aws.sdk.version>
-    <aws.sdk2.version>2.16.66</aws.sdk2.version>
-    <mockito.version>2.25.1</mockito.version>
-    <micrometer.version>1.5.3</micrometer.version>
-    <pushy.version>0.14.2</pushy.version>
+    <aws.sdk.version>1.12.287</aws.sdk.version>
+    <aws.sdk2.version>2.17.258</aws.sdk2.version>
+    <commons-codec.version>1.15</commons-codec.version>
+    <commons-csv.version>1.8</commons-csv.version>
+    <commons-io.version>2.9.0</commons-io.version>
+    <dropwizard.version>2.0.32</dropwizard.version>
+    <dropwizard-metrics-datadog.version>1.1.13</dropwizard-metrics-datadog.version>
+    <gson.version>2.9.0</gson.version>
+    <guava.version>30.1.1-jre</guava.version>
+    <jackson.version>2.13.3</jackson.version>
+    <jaxb.version>2.3.1</jaxb.version>
+    <jedis.version>2.9.0</jedis.version>
+    <lettuce.version>6.1.9.RELEASE</lettuce.version>
+    <libphonenumber.version>8.12.54</libphonenumber.version>
+    <logstash.logback.version>7.0.1</logstash.logback.version>
+    <micrometer.version>1.9.3</micrometer.version>
+    <mockito.version>4.7.0</mockito.version>
+    <netty.version>4.1.79.Final</netty.version>
+    <opentest4j.version>1.2.0</opentest4j.version>
+    <protobuf.version>3.19.4</protobuf.version>
+    <pushy.version>0.15.1</pushy.version>
     <resilience4j.version>1.5.0</resilience4j.version>
+    <semver4j.version>3.1.0</semver4j.version>
+    <slf4j.version>1.7.30</slf4j.version>
+    <stripe.version>21.2.0</stripe.version>
+    <vavr.version>0.10.4</vavr.version>
 
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <TextSecureServer.version>5.93</TextSecureServer.version>
   </properties>
 
   <groupId>org.whispersystems.textsecure</groupId>
   <artifactId>TextSecureServer</artifactId>
-  <version>1.0</version>
+  <version>JGITVER</version>
 
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>com.fasterxml.jackson</groupId>
+        <artifactId>jackson-bom</artifactId>
+        <version>2.13.3</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
       <dependency>
         <groupId>io.dropwizard</groupId>
         <artifactId>dropwizard-dependencies</artifactId>
@@ -57,6 +91,13 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency>
+        <groupId>io.netty</groupId>
+        <artifactId>netty-bom</artifactId>
+        <version>${netty.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
       <dependency>
         <groupId>com.amazonaws</groupId>
         <artifactId>aws-java-sdk-bom</artifactId>
@@ -71,6 +112,13 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency>
+        <groupId>com.google.cloud</groupId>
+        <artifactId>libraries-bom</artifactId>
+        <version>20.9.0</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
       <dependency>
         <groupId>io.github.resilience4j</groupId>
         <artifactId>resilience4j-bom</artifactId>
@@ -85,6 +133,156 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+
+      <dependency>
+        <groupId>com.eatthepath</groupId>
+        <artifactId>pushy</artifactId>
+        <version>${pushy.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.eatthepath</groupId>
+        <artifactId>pushy-dropwizard-metrics-listener</artifactId>
+        <version>${pushy.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.google.guava</groupId>
+        <artifactId>guava</artifactId>
+        <version>${guava.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.google.protobuf</groupId>
+        <artifactId>protobuf-java</artifactId>
+        <version>${protobuf.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.googlecode.libphonenumber</groupId>
+        <artifactId>libphonenumber</artifactId>
+        <version>${libphonenumber.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.vdurmont</groupId>
+        <artifactId>semver4j</artifactId>
+        <version>${semver4j.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>commons-codec</groupId>
+        <artifactId>commons-codec</artifactId>
+        <version>${commons-codec.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>commons-io</groupId>
+        <artifactId>commons-io</artifactId>
+        <version>${commons-io.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>io.lettuce</groupId>
+        <artifactId>lettuce-core</artifactId>
+        <version>${lettuce.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>io.vavr</groupId>
+        <artifactId>vavr</artifactId>
+        <version>${vavr.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>javax.xml.bind</groupId>
+        <artifactId>jaxb-api</artifactId>
+        <version>${jaxb.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>net.logstash.logback</groupId>
+        <artifactId>logstash-logback-encoder</artifactId>
+        <version>${logstash.logback.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-csv</artifactId>
+        <version>${commons-csv.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.coursera</groupId>
+        <artifactId>dropwizard-metrics-datadog</artifactId>
+        <version>${dropwizard-metrics-datadog.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.glassfish.jaxb</groupId>
+        <artifactId>jaxb-runtime</artifactId>
+        <version>${jaxb.version}</version>
+        <scope>runtime</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.mockito</groupId>
+        <artifactId>mockito-core</artifactId>
+        <version>${mockito.version}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.mockito</groupId>
+        <artifactId>mockito-inline</artifactId>
+        <version>${mockito.version}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.opentest4j</groupId>
+        <artifactId>opentest4j</artifactId>
+        <version>${opentest4j.version}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.slf4j</groupId>
+        <artifactId>slf4j-api</artifactId>
+        <version>${slf4j.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.slf4j</groupId>
+        <artifactId>slf4j-nop</artifactId>
+        <version>${slf4j.version}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>redis.clients</groupId>
+        <artifactId>jedis</artifactId>
+        <version>${jedis.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>commons-logging</groupId>
+        <artifactId>commons-logging</artifactId>
+        <version>1.2</version>
+      </dependency>
+      <dependency>
+        <groupId>org.ow2.asm</groupId>
+        <artifactId>asm</artifactId>
+        <version>9.2</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>com.stripe</groupId>
+        <artifactId>stripe-java</artifactId>
+        <version>${stripe.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.google.code.gson</groupId>
+        <artifactId>gson</artifactId>
+        <version>${gson.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.signal</groupId>
+        <artifactId>embedded-redis</artifactId>
+        <version>0.8.3</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.signal</groupId>
+        <artifactId>libsignal-server</artifactId>
+        <version>0.18.0</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-bom</artifactId>
+        <version>2.17.1</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
@@ -98,7 +296,7 @@
     <dependency>
       <groupId>com.github.tomakehurst</groupId>
       <artifactId>wiremock-jre8</artifactId>
-      <version>2.27.2</version>
+      <version>2.33.2</version>
       <scope>test</scope>
       <exclusions>
         <exclusion>
@@ -123,28 +321,77 @@
       <scope>test</scope>
     </dependency>
     <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
+      <groupId>org.junit.jupiter</groupId>
+      <artifactId>junit-jupiter-api</artifactId>
       <scope>test</scope>
     </dependency>
 
   </dependencies>
 
+  <profiles>
+    <profile>
+      <id>include-abusive-message-filter</id>
+      <activation>
+        <file>
+          <exists>abusive-message-filter/pom.xml</exists>
+        </file>
+      </activation>
+      <modules>
+        <module>abusive-message-filter</module>
+      </modules>
+    </profile>
+
+    <profile>
+      <id>exclude-abusive-message-filter</id>
+      <activation>
+        <file>
+          <missing>abusive-message-filter/pom.xml</missing>
+        </file>
+      </activation>
+    </profile>
+  </profiles>
+
   <build>
+    <extensions>
+      <extension>
+        <groupId>kr.motd.maven</groupId>
+        <artifactId>os-maven-plugin</artifactId>
+        <version>1.7.0</version>
+      </extension>
+    </extensions>
     <plugins>
+
+      <plugin>
+        <groupId>org.xolstice.maven.plugins</groupId>
+        <artifactId>protobuf-maven-plugin</artifactId>
+        <version>0.6.1</version>
+        <configuration>
+          <protocArtifact>com.google.protobuf:protoc:3.18.0:exe:${os.detected.classifier}</protocArtifact>
+          <checkStaleness>true</checkStaleness>
+        </configuration>
+        <executions>
+          <execution>
+            <goals>
+              <goal>compile</goal>
+              <goal>test-compile</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-compiler-plugin</artifactId>
-        <version>3.8.0</version>
+        <version>3.8.1</version>
         <configuration>
-          <source>11</source>
-          <target>11</target>
+          <release>17</release>
         </configuration>
       </plugin>
+
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-jar-plugin</artifactId>
-        <version>3.1.1</version>
+        <version>3.2.0</version>
         <configuration>
           <archive>
             <manifest>
@@ -191,11 +438,39 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-enforcer-plugin</artifactId>
-        <version>1.4.1</version>
+        <version>3.0.0-M3</version>
+        <executions>
+          <execution>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <dependencyConvergence/>
+                <requireMavenVersion>
+                  <version>3.8.3</version>
+                </requireMavenVersion>
+              </rules>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-install-plugin</artifactId>
+        <version>3.0.0-M1</version>
         <configuration>
-          <rules>
-            <dependencyConvergence/>
-          </rules>
+          <skip>true</skip>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-deploy-plugin</artifactId>
+        <version>3.0.0-M1</version>
+        <configuration>
+          <skip>true</skip>
         </configuration>
       </plugin>
 

redis-dispatch/pom.xml

@@ -5,12 +5,10 @@
   <parent>
     <artifactId>TextSecureServer</artifactId>
     <groupId>org.whispersystems.textsecure</groupId>
-    <version>1.0</version>
+    <version>JGITVER</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
-
   <artifactId>redis-dispatch</artifactId>
-  <version>${TextSecureServer.version}</version>
 
   <dependencies>
     <dependency>

redis-dispatch/src/main/java/org/whispersystems/dispatch/DispatchChannel.java

@@ -5,7 +5,7 @@
 package org.whispersystems.dispatch;
 
 public interface DispatchChannel {
-  public void onDispatchMessage(String channel, byte[] message);
-  public void onDispatchSubscribed(String channel);
-  public void onDispatchUnsubscribed(String channel);
+  void onDispatchMessage(String channel, byte[] message);
+  void onDispatchSubscribed(String channel);
+  void onDispatchUnsubscribed(String channel);
 }

redis-dispatch/src/main/java/org/whispersystems/dispatch/DispatchManager.java

@@ -59,9 +59,7 @@ public class DispatchManager extends Thread {
       logger.warn("Subscription error", e);
     }
 
-    if (previous.isPresent()) {
-      dispatchUnsubscription(name, previous.get());
-    }
+    previous.ifPresent(channel -> dispatchUnsubscription(name, channel));
   }
 
   public synchronized void unsubscribe(String name, DispatchChannel channel) {
@@ -132,46 +130,28 @@ public class DispatchManager extends Thread {
   }
 
   private void resubscribeAll() {
-    new Thread() {
-      @Override
-      public void run() {
-        synchronized (DispatchManager.this) {
-          try {
-            for (String name : subscriptions.keySet()) {
-              pubSubConnection.subscribe(name);
-            }
-          } catch (IOException e) {
-            logger.warn("***** RESUBSCRIPTION ERROR *****", e);
+    new Thread(() -> {
+      synchronized (DispatchManager.this) {
+        try {
+          for (String name : subscriptions.keySet()) {
+            pubSubConnection.subscribe(name);
           }
+        } catch (IOException e) {
+          logger.warn("***** RESUBSCRIPTION ERROR *****", e);
         }
       }
-    }.start();
+    }).start();
   }
 
   private void dispatchMessage(final String name, final DispatchChannel channel, final byte[] message) {
-    executor.execute(new Runnable() {
-      @Override
-      public void run() {
-        channel.onDispatchMessage(name, message);
-      }
-    });
+    executor.execute(() -> channel.onDispatchMessage(name, message));
   }
 
   private void dispatchSubscription(final String name, final DispatchChannel channel) {
-    executor.execute(new Runnable() {
-      @Override
-      public void run() {
-        channel.onDispatchSubscribed(name);
-      }
-    });
+    executor.execute(() -> channel.onDispatchSubscribed(name));
   }
 
   private void dispatchUnsubscription(final String name, final DispatchChannel channel) {
-    executor.execute(new Runnable() {
-      @Override
-      public void run() {
-        channel.onDispatchUnsubscribed(name);
-      }
-    });
+    executor.execute(() -> channel.onDispatchUnsubscribed(name));
   }
 }

redis-dispatch/src/main/java/org/whispersystems/dispatch/io/RedisInputStream.java

@@ -20,7 +20,7 @@ public class RedisInputStream {
   }
 
   public String readLine() throws IOException {
-    ByteArrayOutputStream boas = new ByteArrayOutputStream();
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
 
     boolean foundCr = false;
 
@@ -31,14 +31,14 @@ public class RedisInputStream {
         throw new IOException("Stream closed!");
       }
 
-      boas.write(character);
+      baos.write(character);
 
       if      (foundCr && character == LF) break;
       else if (character == CR)            foundCr = true;
       else if (foundCr)                    foundCr = false;
     }
 
-    byte[] data = boas.toByteArray();
+    byte[] data = baos.toByteArray();
     return new String(data, 0, data.length-2);
   }
 

redis-dispatch/src/main/java/org/whispersystems/dispatch/io/RedisPubSubConnectionFactory.java

@@ -8,6 +8,6 @@ import org.whispersystems.dispatch.redis.PubSubConnection;
 
 public interface RedisPubSubConnectionFactory {
 
-  public PubSubConnection connect();
+  PubSubConnection connect();
 
 }

redis-dispatch/src/main/java/org/whispersystems/dispatch/redis/PubSubConnection.java

@@ -115,7 +115,7 @@ public class PubSubConnection {
     byte[]            channelName       = inputStream.readFully(channelNameHeader.getStringLength());
     inputStream.readLine();
 
-    IntReply subscriptionCount = new IntReply(inputStream.readLine());
+    new IntReply(inputStream.readLine());
 
     return new String(channelName);
   }

redis-dispatch/src/test/java/org/whispersystems/dispatch/DispatchManagerTest.java

@@ -4,28 +4,25 @@
  */
 package org.whispersystems.dispatch;
 
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.ExternalResource;
-import org.mockito.ArgumentCaptor;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-import org.whispersystems.dispatch.io.RedisPubSubConnectionFactory;
-import org.whispersystems.dispatch.redis.PubSubConnection;
-import org.whispersystems.dispatch.redis.PubSubReply;
-
-import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Optional;
-
-import static org.junit.Assert.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.mockito.Mockito.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.timeout;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Optional;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.stubbing.Answer;
+import org.whispersystems.dispatch.io.RedisPubSubConnectionFactory;
+import org.whispersystems.dispatch.redis.PubSubConnection;
+import org.whispersystems.dispatch.redis.PubSubReply;
+
 public class DispatchManagerTest {
 
   private PubSubConnection             pubSubConnection;
@@ -33,31 +30,23 @@ public class DispatchManagerTest {
   private DispatchManager              dispatchManager;
   private PubSubReplyInputStream       pubSubReplyInputStream;
 
-  @Rule
-  public ExternalResource resource = new ExternalResource() {
-    @Override
-    protected void before() throws Throwable {
-      pubSubConnection       = mock(PubSubConnection.class  );
-      socketFactory          = mock(RedisPubSubConnectionFactory.class);
-      pubSubReplyInputStream = new PubSubReplyInputStream();
+  @BeforeEach
+  void setUp() throws Exception {
+    pubSubConnection       = mock(PubSubConnection.class  );
+    socketFactory          = mock(RedisPubSubConnectionFactory.class);
+    pubSubReplyInputStream = new PubSubReplyInputStream();
 
-      when(socketFactory.connect()).thenReturn(pubSubConnection);
-      when(pubSubConnection.read()).thenAnswer(new Answer<PubSubReply>() {
-        @Override
-        public PubSubReply answer(InvocationOnMock invocationOnMock) throws Throwable {
-          return pubSubReplyInputStream.read();
-        }
-      });
+    when(socketFactory.connect()).thenReturn(pubSubConnection);
+    when(pubSubConnection.read()).thenAnswer((Answer<PubSubReply>) invocationOnMock -> pubSubReplyInputStream.read());
 
-      dispatchManager = new DispatchManager(socketFactory, Optional.empty());
-      dispatchManager.start();
-    }
+    dispatchManager = new DispatchManager(socketFactory, Optional.empty());
+    dispatchManager.start();
+  }
 
-    @Override
-    protected void after() {
-
-    }
-  };
+  @AfterEach
+  void tearDown() {
+    dispatchManager.shutdown();
+  }
 
   @Test
   public void testConnect() {
@@ -65,7 +54,7 @@ public class DispatchManagerTest {
   }
 
   @Test
-  public void testSubscribe() throws IOException {
+  public void testSubscribe() {
     DispatchChannel dispatchChannel = mock(DispatchChannel.class);
     dispatchManager.subscribe("foo", dispatchChannel);
     pubSubReplyInputStream.write(new PubSubReply(PubSubReply.Type.SUBSCRIBE, "foo", Optional.empty()));
@@ -74,7 +63,7 @@ public class DispatchManagerTest {
   }
 
   @Test
-  public void testSubscribeUnsubscribe() throws IOException {
+  public void testSubscribeUnsubscribe() {
     DispatchChannel dispatchChannel = mock(DispatchChannel.class);
     dispatchManager.subscribe("foo", dispatchChannel);
     dispatchManager.unsubscribe("foo", dispatchChannel);
@@ -86,7 +75,7 @@ public class DispatchManagerTest {
   }
 
   @Test
-  public void testMessages() throws IOException {
+  public void testMessages() {
     DispatchChannel fooChannel = mock(DispatchChannel.class);
     DispatchChannel barChannel = mock(DispatchChannel.class);
 

redis-dispatch/src/test/java/org/whispersystems/dispatch/redis/PubSubConnectionTest.java

@@ -4,9 +4,9 @@
  */
 package org.whispersystems.dispatch.redis;
 
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.mock;
@@ -18,12 +18,12 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.Socket;
 import java.security.SecureRandom;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 import org.mockito.ArgumentCaptor;
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
 
-public class PubSubConnectionTest {
+class PubSubConnectionTest {
 
   private static final String REPLY = "*3\r\n" +
       "$9\r\n" +
@@ -60,8 +60,7 @@ public class PubSubConnectionTest {
 
 
   @Test
-  public void testSubscribe() throws IOException {
-//    ByteChannel      byteChannel = mock(ByteChannel.class);
+  void testSubscribe() throws IOException {
     OutputStream outputStream = mock(OutputStream.class);
     Socket       socket       = mock(Socket.class      );
     when(socket.getOutputStream()).thenReturn(outputStream);
@@ -76,7 +75,7 @@ public class PubSubConnectionTest {
   }
 
   @Test
-  public void testUnsubscribe() throws IOException {
+  void testUnsubscribe() throws IOException {
     OutputStream outputStream = mock(OutputStream.class);
     Socket       socket       = mock(Socket.class      );
     when(socket.getOutputStream()).thenReturn(outputStream);
@@ -91,7 +90,7 @@ public class PubSubConnectionTest {
   }
 
   @Test
-  public void testTricklyResponse() throws Exception {
+  void testTricklyResponse() throws Exception {
     InputStream  inputStream  = mockInputStreamFor(new TrickleInputStream(REPLY.getBytes()));
     OutputStream outputStream = mock(OutputStream.class);
     Socket       socket       = mock(Socket.class      );
@@ -103,7 +102,7 @@ public class PubSubConnectionTest {
   }
 
   @Test
-  public void testFullResponse() throws Exception {
+  void testFullResponse() throws Exception {
     InputStream  inputStream  = mockInputStreamFor(new FullInputStream(REPLY.getBytes()));
     OutputStream outputStream = mock(OutputStream.class);
     Socket       socket       = mock(Socket.class      );
@@ -115,7 +114,7 @@ public class PubSubConnectionTest {
   }
 
   @Test
-  public void testRandomLengthResponse() throws Exception {
+  void testRandomLengthResponse() throws Exception {
     InputStream  inputStream  = mockInputStreamFor(new RandomInputStream(REPLY.getBytes()));
     OutputStream outputStream = mock(OutputStream.class);
     Socket       socket       = mock(Socket.class      );

redis-dispatch/src/test/java/org/whispersystems/dispatch/redis/protocol/ArrayReplyHeaderTest.java

@@ -5,42 +5,41 @@
 package org.whispersystems.dispatch.redis.protocol;
 
 
-import org.junit.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.IOException;
+import org.junit.jupiter.api.Test;
 
-import static org.junit.Assert.assertEquals;
+class ArrayReplyHeaderTest {
 
-public class ArrayReplyHeaderTest {
-
-
-  @Test(expected = IOException.class)
-  public void testNull() throws IOException {
-    new ArrayReplyHeader(null);
-  }
-
-  @Test(expected = IOException.class)
-  public void testBadPrefix() throws IOException {
-    new ArrayReplyHeader(":3");
-  }
-
-  @Test(expected = IOException.class)
-  public void testEmpty() throws IOException {
-    new ArrayReplyHeader("");
-  }
-
-  @Test(expected = IOException.class)
-  public void testTruncated() throws IOException {
-    new ArrayReplyHeader("*");
-  }
-
-  @Test(expected = IOException.class)
-  public void testBadNumber() throws IOException {
-    new ArrayReplyHeader("*ABC");
+  @Test
+  void testNull() {
+    assertThrows(IOException.class, () -> new ArrayReplyHeader(null));
   }
 
   @Test
-  public void testValid() throws IOException {
+  void testBadPrefix() {
+    assertThrows(IOException.class, () -> new ArrayReplyHeader(":3"));
+  }
+
+  @Test
+  void testEmpty() {
+    assertThrows(IOException.class, () -> new ArrayReplyHeader(""));
+  }
+
+  @Test
+  void testTruncated() {
+    assertThrows(IOException.class, () -> new ArrayReplyHeader("*"));
+  }
+
+  @Test
+  void testBadNumber() {
+    assertThrows(IOException.class, () -> new ArrayReplyHeader("*ABC"));
+  }
+
+  @Test
+  void testValid() throws IOException {
     assertEquals(4, new ArrayReplyHeader("*4").getElementCount());
   }
 

redis-dispatch/src/test/java/org/whispersystems/dispatch/redis/protocol/IntReplyHeaderTest.java

@@ -4,36 +4,36 @@
  */
 package org.whispersystems.dispatch.redis.protocol;
 
-import org.junit.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.IOException;
+import org.junit.jupiter.api.Test;
 
-import static org.junit.Assert.assertEquals;
+class IntReplyHeaderTest {
 
-public class IntReplyHeaderTest {
-
-  @Test(expected = IOException.class)
-  public void testNull() throws IOException {
-    new IntReply(null);
-  }
-
-  @Test(expected = IOException.class)
-  public void testEmpty() throws IOException {
-    new IntReply("");
-  }
-
-  @Test(expected = IOException.class)
-  public void testBadNumber() throws IOException {
-    new IntReply(":A");
-  }
-
-  @Test(expected = IOException.class)
-  public void testBadFormat() throws IOException {
-    new IntReply("*");
+  @Test
+  void testNull() {
+    assertThrows(IOException.class, () -> new IntReply(null));
   }
 
   @Test
-  public void testValid() throws IOException {
+  void testEmpty() {
+    assertThrows(IOException.class, () -> new IntReply(""));
+  }
+
+  @Test
+  void testBadNumber() {
+    assertThrows(IOException.class, () -> new IntReply(":A"));
+  }
+
+  @Test
+  void testBadFormat() {
+    assertThrows(IOException.class, () -> new IntReply("*"));
+  }
+
+  @Test
+  void testValid() throws IOException {
     assertEquals(23, new IntReply(":23").getValue());
   }
 }

redis-dispatch/src/test/java/org/whispersystems/dispatch/redis/protocol/StringReplyHeaderTest.java

@@ -4,48 +4,32 @@
  */
 package org.whispersystems.dispatch.redis.protocol;
 
-import org.junit.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.IOException;
+import org.junit.jupiter.api.Test;
 
-import static org.junit.Assert.assertEquals;
-
-public class StringReplyHeaderTest {
+class StringReplyHeaderTest {
 
   @Test
-  public void testNull() {
-    try {
-      new StringReplyHeader(null);
-      throw new AssertionError();
-    } catch (IOException e) {
-      // good
-    }
+  void testNull() {
+    assertThrows(IOException.class, () -> new StringReplyHeader(null));
   }
 
   @Test
-  public void testBadNumber() {
-    try {
-      new StringReplyHeader("$100A");
-      throw new AssertionError();
-    } catch (IOException e) {
-      // good
-    }
+  void testBadNumber() {
+    assertThrows(IOException.class, () -> new StringReplyHeader("$100A"));
   }
 
   @Test
-  public void testBadPrefix() {
-    try {
-      new StringReplyHeader("*");
-      throw new AssertionError();
-    } catch (IOException e) {
-      // good
-    }
+  void testBadPrefix() {
+    assertThrows(IOException.class, () -> new StringReplyHeader("*"));
   }
 
   @Test
-  public void testValid() throws IOException {
+  void testValid() throws IOException {
     assertEquals(1000, new StringReplyHeader("$1000").getStringLength());
   }
 
-
 }

service/assembly.xml

@@ -1,6 +1,6 @@
-<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
+<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.1.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-          xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
+          xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.1.0 http://maven.apache.org/xsd/assembly-2.1.0.xsd">
     <id>bin</id>
     <includeBaseDirectory>false</includeBaseDirectory>
     <formats>
@@ -18,8 +18,8 @@
             <directory>${project.build.directory}</directory>
             <outputDirectory>/</outputDirectory>
             <includes>
-                <include>${parent.artifactId}-${TextSecureServer.version}.jar</include>
+                <include>${parent.artifactId}-${project.version}.jar</include>
             </includes>
         </fileSet>
     </fileSets>
-</assembly>
+</assembly>

service/config/sample.yml

@@ -1,114 +1,295 @@
+# Example, relatively minimal, configuration that passes validation (see `io.dropwizard.cli.CheckCommand`)
+#
+# `unset` values will need to be set to work properly.
+# Most other values are technically valid for a local/demonstration environment, but are probably not production-ready.
+
+stripe:
+  apiKey: unset
+  idempotencyKeyGenerator: abcdefg12345678= # base64 for creating request idempotency hash
+  boostDescription: >
+    Example
+
+dynamoDbClientConfiguration:
+  region: us-west-2 # AWS Region
+
+dynamoDbTables:
+  accounts:
+    tableName: Example_Accounts
+    phoneNumberTableName: Example_Accounts_PhoneNumbers
+    phoneNumberIdentifierTableName: Example_Accounts_PhoneNumberIdentifiers
+    usernamesTableName: Example_Accounts_Usernames
+    scanPageSize: 100
+  deletedAccounts:
+    tableName: Example_DeletedAccounts
+    needsReconciliationIndexName: NeedsReconciliation
+  deletedAccountsLock:
+    tableName: Example_DeletedAccountsLock
+  issuedReceipts:
+    tableName: Example_IssuedReceipts
+    expiration: P30D # Duration of time until rows expire
+    generator: abcdefg12345678= # random base64-encoded binary sequence
+  keys:
+    tableName: Example_Keys
+  messages:
+    tableName: Example_Messages
+    expiration: P30D # Duration of time until rows expire
+  pendingAccounts:
+    tableName: Example_PendingAccounts
+  pendingDevices:
+    tableName: Example_PendingDevices
+  phoneNumberIdentifiers:
+    tableName: Example_PhoneNumberIdentifiers
+  profiles:
+    tableName: Example_Profiles
+  pushChallenge:
+    tableName: Example_PushChallenge
+  redeemedReceipts:
+    tableName: Example_RedeemedReceipts
+    expiration: P30D # Duration of time until rows expire
+  remoteConfig:
+    tableName: Example_RemoteConfig
+  reportMessage:
+    tableName: Example_ReportMessage
+  reservedUsernames:
+    tableName: Example_ReservedUsernames
+  subscriptions:
+    tableName: Example_Subscriptions
+
 twilio: # Twilio gateway configuration
-  accountId: 
-  accountToken: 
-  nanpaMessagingServiceSid: # Twilio SID for the messaging service to use for NANPA.
-  messagingServiceSid: # Twilio SID for the message service to use for non-NANPA.
-  verifyServiceSid: # Twilio SID for a Verify service
-  localDomain: # Domain Twilio can connect back to for calls. Should be domain of your service.
+  accountId: unset
+  accountToken: unset
+  nanpaMessagingServiceSid: unset # Twilio SID for the messaging service to use for NANPA.
+  messagingServiceSid: unset # Twilio SID for the message service to use for non-NANPA.
+  verifyServiceSid: unset # Twilio SID for a Verify service
+  localDomain: example.com # Domain Twilio can connect back to for calls. Should be domain of your service.
   defaultClientVerificationTexts:
-    ios: # Text to use for the verification message on iOS. Will be passed to String.format with the verification code as argument 1.
-    androidNg: # Text to use for the verification message on android-ng client types. Will be passed to String.format with the verification code as argument 1.
-    android202001: # Text to use for the verification message on android-2020-01 client types. Will be passed to String.format with the verification code as argument 1.
-    android202103: # Text to use for the verification message on android-2021-03 client types. Will be passed to String.format with the verification code as argument 1.
-    generic: # Text to use when the client type is unrecognized. Will be passed to String.format with the verification code as argument 1.
+    ios: example %1$s # Text to use for the verification message on iOS. Will be passed to String.format with the verification code as argument 1.
+    androidNg: example %1$s # Text to use for the verification message on android-ng client types. Will be passed to String.format with the verification code as argument 1.
+    android202001: example %1$s # Text to use for the verification message on android-2020-01 client types. Will be passed to String.format with the verification code as argument 1.
+    android202103: example %1$s # Text to use for the verification message on android-2021-03 client types. Will be passed to String.format with the verification code as argument 1.
+    generic: example %1$s # Text to use when the client type is unrecognized. Will be passed to String.format with the verification code as argument 1.
   regionalClientVerificationTexts: # Map of country codes to custom texts
     999: # example country code
-      ios:
-      # … all keys from defaultClientVerificationTexts are required
-  androidAppHash: # Hash appended to Android
-  verifyServiceFriendlyName: # Service name used in template. Requires Twilio account rep to enable
-
-push:
-  queueSize: # Size of push pending queue
-
-redphone:
-  authKey: # Deprecated
-
-turn: # TURN server configuration
-  secret: # TURN server secret
-  uris:
-    - stun:yourdomain:80
-    - stun:yourdomain.com:443
-    - turn:yourdomain:443?transport=udp
-    - turn:etc.com:80?transport=udp
+      ios: example %1$s # all keys from defaultClientVerificationTexts are required
+      androidNg: example %1$s
+      android202001: example %1$s
+      android202103: example %1$s
+      generic: example %1$s
+  androidAppHash: example # Hash appended to Android
+  verifyServiceFriendlyName: example # Service name used in template. Requires Twilio account rep to enable
 
 cacheCluster: # Redis server configuration for cache cluster
-  urls:
+  configurationUri: redis://redis.example.com:6379/
+
+clientPresenceCluster: # Redis server configuration for client presence cluster
+  configurationUri: redis://redis.example.com:6379/
+
+pubsub: # Redis server configuration for pubsub cluster
+  url: redis://redis.example.com:6379/
+  replicaUrls:
     - redis://redis.example.com:6379/
 
+pushSchedulerCluster: # Redis server configuration for push scheduler cluster
+  configurationUri: redis://redis.example.com:6379/
+
+rateLimitersCluster: # Redis server configuration for rate limiters cluster
+  configurationUri: redis://redis.example.com:6379/
+
 directory:
   client: # Configuration for interfacing with Contact Discovery Service cluster
-    userAuthenticationTokenSharedSecret: # hex-encoded secret shared with CDS used to generate auth tokens for Signal users
-    userAuthenticationTokenUserIdSecret: # hex-encoded secret shared among Signal-Servers to obscure user phone numbers from CDS
+    userAuthenticationTokenSharedSecret: 00000f # hex-encoded secret shared with CDS used to generate auth tokens for Signal users
+    userAuthenticationTokenUserIdSecret: 00000f # hex-encoded secret shared among Signal-Servers to obscure user phone numbers from CDS
   sqs:
-    accessKey:      # AWS SQS accessKey
-    accessSecret:   # AWS SQS accessSecret
-    queueUrl:       # AWS SQS queue url
-  server:
-    replicationUrl:                # CDS replication endpoint base url
-    replicationPassword:           # CDS replication endpoint password
-    replicationCaCertificate:      # CDS replication endpoint TLS certificate trust root
-    reconciliationChunkSize:       # CDS reconciliation chunk size
-    reconciliationChunkIntervalMs: # CDS reconciliation chunk interval, in milliseconds
+    accessKey: test     # AWS SQS accessKey
+    accessSecret: test  # AWS SQS accessSecret
+    queueUrls: # AWS SQS queue urls
+      - https://sqs.example.com/directory.fifo
+  server: # One or more CDS servers
+    - replicationName: example           # CDS replication name
+      replicationUrl: cds.example.com    # CDS replication endpoint base url
+      replicationPassword: example       # CDS replication endpoint password
+      replicationCaCertificate: |        # CDS replication endpoint TLS certificate trust root
+        -----BEGIN CERTIFICATE-----
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        AAAAAAAAAAAAAAAAAAAA
+        -----END CERTIFICATE-----
+
+directoryV2:
+  client: # Configuration for interfacing with Contact Discovery Service v2 cluster
+    userAuthenticationTokenSharedSecret: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG= # base64-encoded secret shared with CDS to generate auth tokens for Signal users
+    userIdTokenSharedSecret: bbcdefghijklmnopqrstuvwxyz0123456789ABCDEFG= # base64-encoded secret shared with CDS to generate auth identity tokens for Signal users
 
 messageCache: # Redis server configuration for message store cache
-  persistDelayMinutes:
-
+  persistDelayMinutes: 1
   cluster:
-    urls:
-      - redis://redis.example.com:6379/
-
-messageStore: # Postgresql database configuration for message store
-  driverClass: org.postgresql.Driver
-  user:
-  password:
-  url:
+    configurationUri: redis://redis.example.com:6379/
 
 metricsCluster:
-  urls:
-    - redis://redis.example.com:6379/
+  configurationUri: redis://redis.example.com:6379/
 
 awsAttachments: # AWS S3 configuration
-  accessKey:
-  accessSecret:
-  bucket:
-  region:
+  accessKey: test
+  accessSecret: test
+  bucket: aws-attachments
+  region: us-west-2
 
 gcpAttachments: # GCP Storage configuration
-  domain:
-  email:
-  maxSizeInBytes:
+  domain: example.com
+  email: user@example.cocm
+  maxSizeInBytes: 1024
   pathPrefix:
-  rsaSigningKey:
+  rsaSigningKey: |
+    -----BEGIN PRIVATE KEY-----
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    AAAAAAAA
+    -----END PRIVATE KEY-----
 
-profiles: # AWS S3 configuration
-  accessKey:
-  accessSecret:
-  bucket:
-  region:
-
-database: # Postgresql database configuration
-  driverClass: org.postgresql.Driver
-  user:
-  password:
-  url:
+accountDatabaseCrawler:
+  chunkSize: 10           # accounts per run
+  chunkIntervalMs: 60000  # time per run
 
 apn: # Apple Push Notifications configuration
   sandbox: true
-  bundleId:
-  keyId:
-  teamId:
-  signingKey:
+  bundleId: com.example.textsecuregcm
+  keyId: unset
+  teamId: unset
+  signingKey: |
+    -----BEGIN PRIVATE KEY-----
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    AAAAAAAA
+    -----END PRIVATE KEY-----
 
-gcm: # GCM Configuration
-  senderId:
-  apiKey:
+fcm: # FCM configuration
+  credentials: |
+    { "json": true }
 
-micrometer: # Micrometer metrics config
-  - name: "example"
-  - uri: "https://metrics.example.com/"
-  - apiKey:
-  - accountId:
+cdn:
+  accessKey: test    # AWS Access Key ID
+  accessSecret: test # AWS Access Secret
+  bucket: cdn        # S3 Bucket name
+  region: us-west-2  # AWS region
+
+datadog:
+  apiKey: unset
+  environment: dev
+
+unidentifiedDelivery:
+  certificate: ABCD1234
+  privateKey: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789AAAAAAA
+  expiresDays: 7
+
+voiceVerification:
+  url: https://cdn-ca.signal.org/verification/
+  locales:
+    - en
+
+recaptcha:
+  projectPath: projects/example
+  credentialConfigurationJson: "{ }" # service account configuration for backend authentication
+
+storageService:
+  uri: storage.example.com
+  userAuthenticationTokenSharedSecret: 00000f
+  storageCaCertificate: |
+    -----BEGIN CERTIFICATE-----
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    AAAAAAAAAAAAAAAAAAAA
+    -----END CERTIFICATE-----
+
+backupService:
+  uri: backup.example.com
+  userAuthenticationTokenSharedSecret: 00000f
+  backupCaCertificate: |
+    -----BEGIN CERTIFICATE-----
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    AAAAAAAAAAAAAAAAAAAA
+    -----END CERTIFICATE-----
+
+zkConfig:
+  serverPublic: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+  serverSecret: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzAA==
+
+appConfig:
+  application: example
+  environment: example
+  configuration: example
 
 remoteConfig:
   authorizedTokens:
@@ -117,23 +298,72 @@ remoteConfig:
     - # ...
     - # Nth authorized token
   globalConfig: # keys and values that are given to clients on GET /v1/config
+    EXAMPLE_KEY: VALUE
 
-paymentService:
-  userAuthenticationTokenSharedSecret: # hex-encoded 32-byte secret shared with MobileCoin services used to generate auth tokens for Signal users
+paymentsService:
+  userAuthenticationTokenSharedSecret: 0000000f0000000f0000000f0000000f0000000f0000000f0000000f0000000f # hex-encoded 32-byte secret shared with MobileCoin services used to generate auth tokens for Signal users
+  fixerApiKey: unset
+  paymentCurrencies:
+    # list of symbols for supported currencies
+    - MOB
 
 donation:
-  uri: # value
-  apiKey: # value
+  uri: donation.example.com # value
   supportedCurrencies:
     - # 1st supported currency
     - # 2nd supported currency
     - # ...
     - # Nth supported currency
-  circuitBreaker:
-    failureRateThreshold: # value
-    ringBufferSizeInHalfOpenState: # value
-    ringBufferSizeInClosedState: # value
-    waitDurationInOpenStateInSeconds: # value
-  retry:
-    maxAttempts: # value
-    waitDuration: # value
+
+badges:
+  badges:
+    - id: TEST
+      category: other
+      sprites: # exactly 6
+        - sprite-1.png
+        - sprite-2.png
+        - sprite-3.png
+        - sprite-4.png
+        - sprite-5.png
+        - sprite-6.png
+      svg: example.svg
+      svgs:
+        - light: example-light.svg
+          dark: example-dark.svg
+  badgeIdsEnabledForAll:
+    - TEST
+  receiptLevels:
+    '1': TEST
+
+subscription: # configuration for Stripe subscriptions
+  badgeGracePeriod: P15D
+  levels:
+    500:
+      badge: EXAMPLE
+      prices:
+        # list of ISO 4217 currency codes and amounts for the given badge level
+        xts:
+          amount: '10'
+          id: price_example # stripe ID
+
+boost:
+  level: 1
+  expiration: P90D
+  badge: EXAMPLE
+  currencies:
+    # ISO 4217 currency codes and amounts in those currencies
+    xts:
+      - '1'
+      - '2'
+      - '4'
+      - '8'
+      - '20'
+      - '40'
+
+gift:
+  level: 10
+  expiration: P90D
+  badge: EXAMPLE
+  currencies:
+    # ISO 4217 currency codes and amounts in those currencies
+    xts: '2'

service/pom.xml

@@ -5,16 +5,10 @@
   <parent>
     <artifactId>TextSecureServer</artifactId>
     <groupId>org.whispersystems.textsecure</groupId>
-    <version>1.0</version>
+    <version>JGITVER</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
-
   <artifactId>service</artifactId>
-  <version>${TextSecureServer.version}</version>
-
-  <properties>
-    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-  </properties>
 
   <dependencies>
     <dependency>
@@ -33,38 +27,22 @@
     <dependency>
       <groupId>org.whispersystems.textsecure</groupId>
       <artifactId>redis-dispatch</artifactId>
-      <version>${TextSecureServer.version}</version>
+      <version>${project.version}</version>
     </dependency>
     <dependency>
       <groupId>org.whispersystems.textsecure</groupId>
       <artifactId>websocket-resources</artifactId>
-      <version>${TextSecureServer.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>org.whispersystems.textsecure</groupId>
-      <artifactId>gcm-sender-async</artifactId>
-      <version>${TextSecureServer.version}</version>
-      <exclusions>
-        <exclusion>
-          <groupId>com.google.guava</groupId>
-          <artifactId>guava</artifactId>
-        </exclusion>
-      </exclusions>
+      <version>${project.version}</version>
     </dependency>
     <dependency>
       <groupId>org.signal</groupId>
-      <artifactId>zkgroup-java</artifactId>
-      <version>0.7.0</version>
+      <artifactId>libsignal-server</artifactId>
     </dependency>
 
     <dependency>
       <groupId>io.dropwizard</groupId>
       <artifactId>dropwizard-core</artifactId>
     </dependency>
-    <dependency>
-      <groupId>io.dropwizard</groupId>
-      <artifactId>dropwizard-jdbi3</artifactId>
-    </dependency>
     <dependency>
       <groupId>io.dropwizard</groupId>
       <artifactId>dropwizard-auth</artifactId>
@@ -134,27 +112,12 @@
     <dependency>
       <groupId>net.logstash.logback</groupId>
       <artifactId>logstash-logback-encoder</artifactId>
-      <version>6.6</version>
-    </dependency>
-
-    <dependency>
-      <groupId>org.jdbi</groupId>
-      <artifactId>jdbi3-core</artifactId>
-    </dependency>
-
-    <dependency>
-      <groupId>org.liquibase</groupId>
-      <artifactId>liquibase-core</artifactId>
     </dependency>
 
     <dependency>
       <groupId>io.dropwizard.metrics</groupId>
       <artifactId>metrics-core</artifactId>
     </dependency>
-    <dependency>
-      <groupId>io.dropwizard.metrics</groupId>
-      <artifactId>metrics-jdbi3</artifactId>
-    </dependency>
     <dependency>
       <groupId>io.dropwizard.metrics</groupId>
       <artifactId>metrics-healthchecks</artifactId>
@@ -178,14 +141,18 @@
     <dependency>
       <groupId>org.glassfish.jaxb</groupId>
       <artifactId>jaxb-runtime</artifactId>
-      <version>2.3.1</version>
-      <scope>runtime</scope>
     </dependency>
 
     <dependency>
       <groupId>io.dropwizard</groupId>
       <artifactId>dropwizard-testing</artifactId>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>junit</groupId>
+          <artifactId>junit</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -204,17 +171,43 @@
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
-      <version>1.13</version>
     </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-csv</artifactId>
-      <version>1.8</version>
     </dependency>
+
     <dependency>
-      <groupId>io.vavr</groupId>
-      <artifactId>vavr</artifactId>
-      <version>0.10.2</version>
+      <groupId>com.google.firebase</groupId>
+      <artifactId>firebase-admin</artifactId>
+      <version>9.0.0</version>
+
+      <!-- firebase-admin has conflicting versions of these artifacts in its dependency tree; for firebase-admin
+      9.0.0, we'll need to depend directly on com.google.api-client:google-api-client:1.35.1 and
+      com.google.oauth-client:google-oauth-client:1.34.1 -->
+      <exclusions>
+        <exclusion>
+          <groupId>com.google.api-client</groupId>
+          <artifactId>google-api-client</artifactId>
+        </exclusion>
+
+        <exclusion>
+          <groupId>com.google.oauth-client</groupId>
+          <artifactId>google-oauth-client</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+
+    <dependency>
+      <groupId>com.google.api-client</groupId>
+      <artifactId>google-api-client</artifactId>
+      <version>1.35.1</version>
+    </dependency>
+
+    <dependency>
+      <groupId>com.google.oauth-client</groupId>
+      <artifactId>google-oauth-client</artifactId>
+      <version>1.34.1</version>
     </dependency>
 
     <dependency>
@@ -225,12 +218,6 @@
     <dependency>
       <groupId>io.github.resilience4j</groupId>
       <artifactId>resilience4j-circuitbreaker</artifactId>
-      <exclusions>
-        <exclusion>
-          <groupId>org.slf4j</groupId>
-          <artifactId>slf4j-api</artifactId>
-        </exclusion>
-      </exclusions>
     </dependency>
     <dependency>
       <groupId>io.github.resilience4j</groupId>
@@ -243,9 +230,12 @@
     </dependency>
     <dependency>
       <groupId>io.micrometer</groupId>
-      <artifactId>micrometer-registry-wavefront</artifactId>
+      <artifactId>micrometer-registry-datadog</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.coursera</groupId>
+      <artifactId>dropwizard-metrics-datadog</artifactId>
     </dependency>
-
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-core</artifactId>
@@ -271,10 +261,30 @@
       <artifactId>jackson-jaxrs-json-provider</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>sts</artifactId>
+    </dependency>
     <dependency>
       <groupId>software.amazon.awssdk</groupId>
       <artifactId>s3</artifactId>
     </dependency>
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>sqs</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>dynamodb</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>appconfig</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>appconfigdata</artifactId>
+    </dependency>
     <dependency>
       <groupId>com.amazonaws</groupId>
       <artifactId>aws-java-sdk-core</artifactId>
@@ -285,90 +295,53 @@
     </dependency>
     <dependency>
       <groupId>com.amazonaws</groupId>
-      <artifactId>aws-java-sdk-sqs</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.amazonaws</groupId>
-      <artifactId>aws-java-sdk-appconfig</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.amazonaws</groupId>
-      <artifactId>aws-java-sdk-dynamodb</artifactId>
-    </dependency>
-
-    <dependency>
-      <groupId>redis.clients</groupId>
-      <artifactId>jedis</artifactId>
-      <version>2.9.0</version>
-      <type>jar</type>
-      <scope>compile</scope>
-    </dependency>
-
-    <dependency>
-      <groupId>io.lettuce</groupId>
-      <artifactId>lettuce-core</artifactId>
-      <version>6.0.4.RELEASE</version>
-    </dependency>
-
-    <dependency>
-      <groupId>org.postgresql</groupId>
-      <artifactId>postgresql</artifactId>
-      <version>9.4-1201-jdbc41</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.whispersystems</groupId>
-      <artifactId>curve25519-java</artifactId>
-      <version>0.5.0</version>
-    </dependency>
-
-
-    <dependency>
-      <groupId>com.eatthepath</groupId>
-      <artifactId>pushy</artifactId>
-      <version>${pushy.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>com.eatthepath</groupId>
-      <artifactId>pushy-dropwizard-metrics-listener</artifactId>
-      <version>${pushy.version}</version>
+      <artifactId>dynamodb-lock-client</artifactId>
+      <version>1.1.0</version>
       <exclusions>
         <exclusion>
-          <groupId>io.dropwizard.metrics</groupId>
-          <artifactId>metrics-core</artifactId>
+          <groupId>commons-logging</groupId>
+          <artifactId>commons-logging</artifactId>
         </exclusion>
       </exclusions>
     </dependency>
 
     <dependency>
-      <groupId>io.netty</groupId>
-      <artifactId>netty-tcnative-boringssl-static</artifactId>
-      <version>2.0.34.Final</version>
-      <scope>runtime</scope>
+      <groupId>redis.clients</groupId>
+      <artifactId>jedis</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>io.lettuce</groupId>
+      <artifactId>lettuce-core</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>com.eatthepath</groupId>
+      <artifactId>pushy</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.eatthepath</groupId>
+      <artifactId>pushy-dropwizard-metrics-listener</artifactId>
     </dependency>
 
     <dependency>
       <groupId>com.vdurmont</groupId>
       <artifactId>semver4j</artifactId>
-      <version>3.1.0</version>
     </dependency>
 
     <dependency>
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
-      <version>30.1.1-jre</version>
     </dependency>
 
     <dependency>
       <groupId>com.google.protobuf</groupId>
       <artifactId>protobuf-java</artifactId>
-      <version>2.6.1</version>
     </dependency>
 
     <dependency>
       <groupId>com.googlecode.libphonenumber</groupId>
       <artifactId>libphonenumber</artifactId>
-      <version>8.12.21</version>
     </dependency>
 
     <dependency>
@@ -380,6 +353,12 @@
       <groupId>org.glassfish.jersey.test-framework</groupId>
       <artifactId>jersey-test-framework-core</artifactId>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>junit</groupId>
+          <artifactId>junit</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.glassfish.jersey.test-framework.providers</groupId>
@@ -397,13 +376,6 @@
       </exclusions>
     </dependency>
 
-    <dependency>
-      <groupId>com.opentable.components</groupId>
-      <artifactId>otj-pg-embedded</artifactId>
-      <version>0.13.3</version>
-      <scope>test</scope>
-    </dependency>
-
     <dependency>
       <groupId>com.almworks.sqlite4java</groupId>
       <artifactId>sqlite4java</artifactId>
@@ -414,29 +386,22 @@
     <dependency>
       <groupId>io.projectreactor</groupId>
       <artifactId>reactor-core</artifactId>
-      <version>3.3.16.RELEASE</version>
+      <version>3.3.22.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>io.vavr</groupId>
+      <artifactId>vavr</artifactId>
     </dependency>
 
-    <dependency>
-      <groupId>org.junit.jupiter</groupId>
-      <artifactId>junit-jupiter-api</artifactId>
-      <scope>test</scope>
-    </dependency>
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <artifactId>junit-jupiter-params</artifactId>
       <scope>test</scope>
     </dependency>
-    <dependency>
-      <groupId>org.junit.vintage</groupId>
-      <artifactId>junit-vintage-engine</artifactId>
-      <scope>test</scope>
-    </dependency>
 
     <dependency>
       <groupId>org.signal</groupId>
       <artifactId>embedded-redis</artifactId>
-      <version>0.8.1</version>
       <scope>test</scope>
     </dependency>
 
@@ -450,81 +415,174 @@
     <dependency>
       <groupId>com.amazonaws</groupId>
       <artifactId>DynamoDBLocal</artifactId>
-      <version>1.13.6</version>
+      <version>1.17.2</version>
       <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <groupId>org.antlr</groupId>
-          <artifactId>antlr4-runtime</artifactId>
-        </exclusion>
-      </exclusions>
     </dependency>
 
     <dependency>
-      <groupId>pl.pragmatists</groupId>
-      <artifactId>JUnitParams</artifactId>
-      <version>1.1.1</version>
-      <scope>test</scope>
+      <groupId>com.google.cloud</groupId>
+      <artifactId>google-cloud-recaptchaenterprise</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>com.stripe</groupId>
+      <artifactId>stripe-java</artifactId>
     </dependency>
   </dependencies>
 
+  <profiles>
+    <profile>
+      <id>exclude-abusive-message-filter</id>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-shade-plugin</artifactId>
+            <version>3.2.4</version>
+            <configuration>
+              <createDependencyReducedPom>true</createDependencyReducedPom>
+              <filters>
+                <filter>
+                  <artifact>*:*</artifact>
+                  <excludes>
+                    <exclude>META-INF/*.SF</exclude>
+                    <exclude>META-INF/*.DSA</exclude>
+                    <exclude>META-INF/*.RSA</exclude>
+                  </excludes>
+                </filter>
+              </filters>
+            </configuration>
+            <executions>
+              <execution>
+                <phase>package</phase>
+                <goals>
+                  <goal>shade</goal>
+                </goals>
+                <configuration>
+                  <transformers>
+                    <transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
+                    <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
+                      <mainClass>org.whispersystems.textsecuregcm.WhisperServerService</mainClass>
+                    </transformer>
+                  </transformers>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-assembly-plugin</artifactId>
+            <version>3.3.0</version>
+            <configuration>
+              <descriptors>
+                <descriptor>assembly.xml</descriptor>
+              </descriptors>
+            </configuration>
+            <executions>
+              <execution>
+                <id>make-assembly</id> <!-- this is used for inheritance merges -->
+                <phase>package</phase> <!-- bind to the packaging phase -->
+                <goals>
+                  <goal>single</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+
+          <plugin>
+            <groupId>org.codehaus.mojo</groupId>
+            <artifactId>properties-maven-plugin</artifactId>
+            <version>1.0.0</version>
+            <executions>
+              <execution>
+                <id>read-deploy-configuration</id>
+                <phase>deploy</phase>
+                <goals>
+                  <goal>read-project-properties</goal>
+                </goals>
+                <configuration>
+                  <files>${project.basedir}/config/deploy.properties</files>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+
+          <plugin>
+            <groupId>org.signal</groupId>
+            <artifactId>s3-upload-maven-plugin</artifactId>
+            <version>1.6-SNAPSHOT</version>
+            <configuration>
+              <source>${project.build.directory}/${project.build.finalName}-bin.tar.gz</source>
+              <bucketName>${deploy.bucketName}</bucketName>
+              <region>${deploy.bucketRegion}</region>
+              <destination>${project.build.finalName}-bin.tar.gz</destination>
+            </configuration>
+            <executions>
+              <execution>
+                <id>deploy-to-s3</id>
+                <phase>deploy</phase>
+                <goals>
+                  <goal>s3-upload</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
 
   <build>
-    <finalName>${parent.artifactId}-${TextSecureServer.version}</finalName>
+    <finalName>${project.parent.artifactId}-${project.version}</finalName>
     <plugins>
       <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-shade-plugin</artifactId>
-        <version>1.6</version>
-        <configuration>
-          <createDependencyReducedPom>true</createDependencyReducedPom>
-          <filters>
-            <filter>
-              <artifact>*:*</artifact>
-              <excludes>
-                <exclude>META-INF/*.SF</exclude>
-                <exclude>META-INF/*.DSA</exclude>
-                <exclude>META-INF/*.RSA</exclude>
-              </excludes>
-            </filter>
-          </filters>
-        </configuration>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>templating-maven-plugin</artifactId>
+        <version>1.0.0</version>
         <executions>
           <execution>
-            <phase>package</phase>
+            <id>filter-src</id>
             <goals>
-              <goal>shade</goal>
+              <goal>filter-sources</goal>
             </goals>
-            <configuration>
-              <transformers>
-                <transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
-                <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
-                  <mainClass>org.whispersystems.textsecuregcm.WhisperServerService</mainClass>
-                </transformer>
-              </transformers>
-            </configuration>
           </execution>
         </executions>
       </plugin>
 
       <plugin>
-        <artifactId>maven-assembly-plugin</artifactId>
-        <version>2.4</version>
-        <configuration>
-          <descriptors>
-            <descriptor>assembly.xml</descriptor>
-          </descriptors>
-        </configuration>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
         <executions>
           <execution>
-            <id>make-assembly</id> <!-- this is used for inheritance merges -->
-            <phase>package</phase> <!-- bind to the packaging phase -->
             <goals>
-              <goal>single</goal>
+              <goal>test-jar</goal>
             </goals>
           </execution>
         </executions>
       </plugin>
+
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>exec-maven-plugin</artifactId>
+        <version>3.0.0</version>
+        <executions>
+          <execution>
+            <id>check-all-service-config</id>
+            <phase>verify</phase>
+            <goals>
+              <goal>java</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <mainClass>org.whispersystems.textsecuregcm.CheckServiceConfigurations</mainClass>
+          <classpathScope>test</classpathScope>
+          <arguments>
+            <argument>${project.basedir}/config</argument>
+          </arguments>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 </project>

service/protobuf/Makefile

@@ -1,3 +0,0 @@
-
-all:
-	protoc --java_out=../src/main/java/ TextSecure.proto PubSubMessage.proto

service/src/main/java-templates/org/whispersystems/textsecuregcm/WhisperServerVersion.java

@@ -0,0 +1,15 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm;
+
+public class WhisperServerVersion {
+
+  private static final String VERSION = "${project.version}";
+
+  public static String getServerVersion() {
+    return VERSION;
+  }
+}

service/src/main/java/org/signal/i18n/HeaderControlledResourceBundleLookup.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.signal.i18n;
+
+import com.google.common.annotations.VisibleForTesting;
+import java.util.List;
+import java.util.Locale;
+import java.util.Objects;
+import java.util.ResourceBundle;
+import java.util.ResourceBundle.Control;
+import java.util.stream.Collectors;
+import javax.annotation.Nonnull;
+
+public class HeaderControlledResourceBundleLookup {
+
+  private static final int MAX_LOCALES = 15;
+
+  private final ResourceBundleFactory resourceBundleFactory;
+
+  public HeaderControlledResourceBundleLookup() {
+    this(ResourceBundle::getBundle);
+  }
+
+  @VisibleForTesting
+  public HeaderControlledResourceBundleLookup(
+      @Nonnull final ResourceBundleFactory resourceBundleFactory) {
+    this.resourceBundleFactory = Objects.requireNonNull(resourceBundleFactory);
+  }
+
+  @Nonnull
+  private List<Locale> getAcceptableLocales(final List<Locale> acceptableLanguages) {
+    return acceptableLanguages.stream().limit(MAX_LOCALES).distinct().collect(Collectors.toList());
+  }
+
+  @Nonnull
+  public ResourceBundle getResourceBundle(final String baseName, final List<Locale> acceptableLocales) {
+    final List<Locale> deduplicatedLocales = getAcceptableLocales(acceptableLocales);
+    final Locale desiredLocale = deduplicatedLocales.isEmpty() ? Locale.getDefault() : deduplicatedLocales.get(0);
+    // define a control with a fallback order as specified in the header
+    Control control = new Control() {
+      @Override
+      public List<String> getFormats(final String baseName) {
+        Objects.requireNonNull(baseName);
+        return Control.FORMAT_PROPERTIES;
+      }
+
+      @Override
+      public Locale getFallbackLocale(final String baseName, final Locale locale) {
+        Objects.requireNonNull(baseName);
+        if (locale.equals(Locale.getDefault())) {
+          return null;
+        }
+        final int localeIndex = deduplicatedLocales.indexOf(locale);
+        if (localeIndex < 0 || localeIndex >= deduplicatedLocales.size() - 1) {
+          return Locale.getDefault();
+        }
+        // [0, deduplicatedLocales.size() - 2] is now the possible range for localeIndex
+        return deduplicatedLocales.get(localeIndex + 1);
+      }
+    };
+
+    return resourceBundleFactory.createBundle(baseName, desiredLocale, control);
+  }
+}

service/src/main/java/org/signal/i18n/ResourceBundleFactory.java

@@ -0,0 +1,13 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.signal.i18n;
+
+import java.util.Locale;
+import java.util.ResourceBundle;
+
+public interface ResourceBundleFactory {
+  ResourceBundle createBundle(String baseName, Locale locale, ResourceBundle.Control control);
+}

service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerConfiguration.java

@@ -1,49 +1,51 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import io.dropwizard.Configuration;
-import io.dropwizard.client.JerseyClientConfiguration;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.configuration.AbusiveMessageFilterConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AccountDatabaseCrawlerConfiguration;
-import org.whispersystems.textsecuregcm.configuration.AccountsDatabaseConfiguration;
-import org.whispersystems.textsecuregcm.configuration.AccountsDynamoDbConfiguration;
 import org.whispersystems.textsecuregcm.configuration.ApnConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AppConfigConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AwsAttachmentsConfiguration;
+import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
+import org.whispersystems.textsecuregcm.configuration.BoostConfiguration;
 import org.whispersystems.textsecuregcm.configuration.CdnConfiguration;
-import org.whispersystems.textsecuregcm.configuration.DatabaseConfiguration;
+import org.whispersystems.textsecuregcm.configuration.DatadogConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DirectoryConfiguration;
+import org.whispersystems.textsecuregcm.configuration.DirectoryV2Configuration;
 import org.whispersystems.textsecuregcm.configuration.DonationConfiguration;
-import org.whispersystems.textsecuregcm.configuration.DynamoDbConfiguration;
-import org.whispersystems.textsecuregcm.configuration.GcmConfiguration;
+import org.whispersystems.textsecuregcm.configuration.DynamoDbClientConfiguration;
+import org.whispersystems.textsecuregcm.configuration.DynamoDbTables;
+import org.whispersystems.textsecuregcm.configuration.FcmConfiguration;
 import org.whispersystems.textsecuregcm.configuration.GcpAttachmentsConfiguration;
+import org.whispersystems.textsecuregcm.configuration.GiftConfiguration;
 import org.whispersystems.textsecuregcm.configuration.MaxDeviceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.MessageCacheConfiguration;
-import org.whispersystems.textsecuregcm.configuration.MessageDynamoDbConfiguration;
-import org.whispersystems.textsecuregcm.configuration.MicrometerConfiguration;
 import org.whispersystems.textsecuregcm.configuration.PaymentsServiceConfiguration;
-import org.whispersystems.textsecuregcm.configuration.PushConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RateLimitsConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RecaptchaConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RedisClusterConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RedisConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RemoteConfigConfiguration;
+import org.whispersystems.textsecuregcm.configuration.ReportMessageConfiguration;
 import org.whispersystems.textsecuregcm.configuration.SecureBackupServiceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.SecureStorageServiceConfiguration;
+import org.whispersystems.textsecuregcm.configuration.StripeConfiguration;
+import org.whispersystems.textsecuregcm.configuration.SubscriptionConfiguration;
 import org.whispersystems.textsecuregcm.configuration.TestDeviceConfiguration;
-import org.whispersystems.textsecuregcm.configuration.MonitoredS3ObjectConfiguration;
-import org.whispersystems.textsecuregcm.configuration.TurnConfiguration;
 import org.whispersystems.textsecuregcm.configuration.TwilioConfiguration;
 import org.whispersystems.textsecuregcm.configuration.UnidentifiedDeliveryConfiguration;
+import org.whispersystems.textsecuregcm.configuration.UsernameConfiguration;
 import org.whispersystems.textsecuregcm.configuration.VoiceVerificationConfiguration;
 import org.whispersystems.textsecuregcm.configuration.ZkConfig;
 import org.whispersystems.websocket.configuration.WebSocketConfiguration;
@@ -54,12 +56,22 @@ public class WhisperServerConfiguration extends Configuration {
   @NotNull
   @Valid
   @JsonProperty
-  private TwilioConfiguration twilio;
+  private StripeConfiguration stripe;
 
   @NotNull
   @Valid
   @JsonProperty
-  private PushConfiguration push;
+  private DynamoDbClientConfiguration dynamoDbClientConfiguration;
+
+  @NotNull
+  @Valid
+  @JsonProperty
+  private DynamoDbTables dynamoDbTables;
+
+  @NotNull
+  @Valid
+  @JsonProperty
+  private TwilioConfiguration twilio;
 
   @NotNull
   @Valid
@@ -79,7 +91,7 @@ public class WhisperServerConfiguration extends Configuration {
   @NotNull
   @Valid
   @JsonProperty
-  private MicrometerConfiguration micrometer;
+  private DatadogConfiguration datadog;
 
   @NotNull
   @Valid
@@ -101,6 +113,11 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private DirectoryConfiguration directory;
 
+  @NotNull
+  @Valid
+  @JsonProperty
+  private DirectoryV2Configuration directoryV2;
+
   @NotNull
   @Valid
   @JsonProperty
@@ -126,46 +143,6 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private RedisClusterConfiguration clientPresenceCluster;
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private MessageDynamoDbConfiguration messageDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DynamoDbConfiguration keysDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private AccountsDynamoDbConfiguration accountsDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DynamoDbConfiguration migrationDeletedAccountsDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DynamoDbConfiguration migrationRetryAccountsDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DynamoDbConfiguration pushChallengeDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DynamoDbConfiguration reportMessageDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DatabaseConfiguration abuseDatabase;
-
   @Valid
   @NotNull
   @JsonProperty
@@ -176,21 +153,11 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private List<MaxDeviceConfiguration> maxDevices = new LinkedList<>();
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private AccountsDatabaseConfiguration accountsDatabase;
-
   @Valid
   @NotNull
   @JsonProperty
   private RateLimitsConfiguration limits = new RateLimitsConfiguration();
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private JerseyClientConfiguration httpClient = new JerseyClientConfiguration();
-
   @Valid
   @NotNull
   @JsonProperty
@@ -199,12 +166,7 @@ public class WhisperServerConfiguration extends Configuration {
   @Valid
   @NotNull
   @JsonProperty
-  private TurnConfiguration turn;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private GcmConfiguration gcm;
+  private FcmConfiguration fcm;
 
   @Valid
   @NotNull
@@ -256,22 +218,56 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private AppConfigConfiguration appConfig;
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private MonitoredS3ObjectConfiguration torExitNodeList;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private MonitoredS3ObjectConfiguration asnTable;
-
   @Valid
   @NotNull
   @JsonProperty
   private DonationConfiguration donation;
 
-  private Map<String, String> transparentDataIndex = new HashMap<>();
+  @Valid
+  @NotNull
+  @JsonProperty
+  private BadgesConfiguration badges;
+
+  @Valid
+  @JsonProperty
+  @NotNull
+  private SubscriptionConfiguration subscription;
+
+  @Valid
+  @JsonProperty
+  @NotNull
+  private BoostConfiguration boost;
+
+  @Valid
+  @JsonProperty
+  @NotNull
+  private GiftConfiguration gift;
+
+  @Valid
+  @NotNull
+  @JsonProperty
+  private ReportMessageConfiguration reportMessage = new ReportMessageConfiguration();
+
+  @Valid
+  @NotNull
+  @JsonProperty
+  private UsernameConfiguration username = new UsernameConfiguration();
+
+  @Valid
+  @JsonProperty
+  private AbusiveMessageFilterConfiguration abusiveMessageFilter;
+
+  public StripeConfiguration getStripe() {
+    return stripe;
+  }
+
+  public DynamoDbClientConfiguration getDynamoDbClientConfiguration() {
+    return dynamoDbClientConfiguration;
+  }
+
+  public DynamoDbTables getDynamoDbTables() {
+    return dynamoDbTables;
+  }
 
   public RecaptchaConfiguration getRecaptchaConfiguration() {
     return recaptcha;
@@ -289,14 +285,6 @@ public class WhisperServerConfiguration extends Configuration {
     return twilio;
   }
 
-  public PushConfiguration getPushConfiguration() {
-    return push;
-  }
-
-  public JerseyClientConfiguration getJerseyClientConfiguration() {
-    return httpClient;
-  }
-
   public AwsAttachmentsConfiguration getAwsAttachmentsConfiguration() {
     return awsAttachments;
   }
@@ -321,6 +309,10 @@ public class WhisperServerConfiguration extends Configuration {
     return directory;
   }
 
+  public DirectoryV2Configuration getDirectoryV2Configuration() {
+    return directoryV2;
+  }
+
   public SecureStorageServiceConfiguration getSecureStorageServiceConfiguration() {
     return storageService;
   }
@@ -345,44 +337,12 @@ public class WhisperServerConfiguration extends Configuration {
     return rateLimitersCluster;
   }
 
-  public MessageDynamoDbConfiguration getMessageDynamoDbConfiguration() {
-    return messageDynamoDb;
-  }
-
-  public DynamoDbConfiguration getKeysDynamoDbConfiguration() {
-    return keysDynamoDb;
-  }
-
-  public AccountsDynamoDbConfiguration getAccountsDynamoDbConfiguration() {
-    return accountsDynamoDb;
-  }
-
-  public DynamoDbConfiguration getMigrationDeletedAccountsDynamoDbConfiguration() {
-    return migrationDeletedAccountsDynamoDb;
-  }
-
-  public DynamoDbConfiguration getMigrationRetryAccountsDynamoDbConfiguration() {
-    return migrationRetryAccountsDynamoDb;
-  }
-
-  public DatabaseConfiguration getAbuseDatabaseConfiguration() {
-    return abuseDatabase;
-  }
-
-  public AccountsDatabaseConfiguration getAccountsDatabaseConfiguration() {
-    return accountsDatabase;
-  }
-
   public RateLimitsConfiguration getLimitsConfiguration() {
     return limits;
   }
 
-  public TurnConfiguration getTurnConfiguration() {
-    return turn;
-  }
-
-  public GcmConfiguration getGcmConfiguration() {
-    return gcm;
+  public FcmConfiguration getFcmConfiguration() {
+    return fcm;
   }
 
   public ApnConfiguration getApnConfiguration() {
@@ -393,8 +353,8 @@ public class WhisperServerConfiguration extends Configuration {
     return cdn;
   }
 
-  public MicrometerConfiguration getMicrometerConfiguration() {
-    return micrometer;
+  public DatadogConfiguration getDatadogConfiguration() {
+    return datadog;
   }
 
   public UnidentifiedDeliveryConfiguration getDeliveryCertificate() {
@@ -423,10 +383,6 @@ public class WhisperServerConfiguration extends Configuration {
     return results;
   }
 
-  public Map<String, String> getTransparentDataIndex() {
-    return transparentDataIndex;
-  }
-
   public SecureBackupServiceConfiguration getSecureBackupServiceConfiguration() {
     return backupService;
   }
@@ -447,23 +403,35 @@ public class WhisperServerConfiguration extends Configuration {
     return appConfig;
   }
 
-  public DynamoDbConfiguration getPushChallengeDynamoDbConfiguration() {
-    return pushChallengeDynamoDb;
-  }
-
-  public DynamoDbConfiguration getReportMessageDynamoDbConfiguration() {
-    return reportMessageDynamoDb;
-  }
-
-  public MonitoredS3ObjectConfiguration getTorExitNodeListConfiguration() {
-    return torExitNodeList;
-  }
-
-  public MonitoredS3ObjectConfiguration getAsnTableConfiguration() {
-    return asnTable;
-  }
-
   public DonationConfiguration getDonationConfiguration() {
     return donation;
   }
+
+  public BadgesConfiguration getBadges() {
+    return badges;
+  }
+
+  public SubscriptionConfiguration getSubscription() {
+    return subscription;
+  }
+
+  public BoostConfiguration getBoost() {
+    return boost;
+  }
+
+  public GiftConfiguration getGift() {
+    return gift;
+  }
+
+  public ReportMessageConfiguration getReportMessageConfiguration() {
+    return reportMessage;
+  }
+
+  public AbusiveMessageFilterConfiguration getAbusiveMessageFilterConfiguration() {
+    return abusiveMessageFilter;
+  }
+
+  public UsernameConfiguration getUsername() {
+    return username;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/abuse/AbusiveMessageFilter.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.abuse;
+
+import io.dropwizard.lifecycle.Managed;
+import javax.ws.rs.container.ContainerRequestFilter;
+import java.io.IOException;
+
+/**
+ * An abusive message filter is a {@link ContainerRequestFilter} that filters requests to message-sending endpoints to
+ * detect and respond to patterns of abusive behavior.
+ * <p/>
+ * Abusive message filters are managed components that are generally loaded dynamically via a
+ * {@link java.util.ServiceLoader}. Their {@link #configure(String)} method will be called prior to be adding to the
+ * server's pool of {@link Managed} objects.
+ * <p/>
+ * Abusive message filters must be annotated with {@link FilterAbusiveMessages}, a name binding annotation that
+ * restricts the endpoints to which the filter may apply.
+ */
+public interface AbusiveMessageFilter extends ContainerRequestFilter, Managed {
+
+  /**
+   * Configures this abusive message filter. This method will be called before the filter is added to the server's pool
+   * of managed objects and before the server processes any requests.
+   *
+   * @param environmentName the name of the environment in which this filter is running (e.g. "staging" or "production")
+   * @throws IOException if the filter could not read its configuration source for any reason
+   */
+  void configure(String environmentName) throws IOException;
+}

service/src/main/java/org/whispersystems/textsecuregcm/abuse/FilterAbusiveMessages.java

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.abuse;
+
+import javax.ws.rs.NameBinding;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * A name-binding annotation that associates {@link AbusiveMessageFilter}s with resource methods.
+ */
+@NameBinding
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+public @interface FilterAbusiveMessages {
+}

service/src/main/java/org/whispersystems/textsecuregcm/abuse/RateLimitChallengeListener.java

@@ -0,0 +1,24 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.abuse;
+
+
+import org.whispersystems.textsecuregcm.storage.Account;
+import java.io.IOException;
+
+public interface RateLimitChallengeListener {
+
+  void handleRateLimitChallengeAnswered(Account account);
+
+  /**
+   * Configures this rate limit challenge listener. This method will be called before the service begins processing any
+   * challenges.
+   *
+   * @param environmentName the name of the environment in which this listener is running (e.g. "staging" or "production")
+   * @throws IOException if the listener could not read its configuration source for any reason
+   */
+  void configure(String environmentName) throws IOException;
+}

service/src/main/java/org/whispersystems/textsecuregcm/abuse/RateLimitChallengeType.java

@@ -0,0 +1,12 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.abuse;
+
+public enum RateLimitChallengeType {
+
+  PUSH_CHALLENGE,
+  RECAPTCHA
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AccountAndAuthenticatedDeviceHolder.java

@@ -0,0 +1,16 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.Device;
+
+public interface AccountAndAuthenticatedDeviceHolder {
+
+  Account getAccount();
+
+  Device getAuthenticatedDevice();
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AccountAuthenticator.java

@@ -1,39 +1,24 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm.auth;
 
-import io.micrometer.core.instrument.Metrics;
-import org.whispersystems.textsecuregcm.storage.Account;
-import org.whispersystems.textsecuregcm.storage.AccountsManager;
-
-import java.util.Optional;
-
 import io.dropwizard.auth.Authenticator;
 import io.dropwizard.auth.basic.BasicCredentials;
+import java.util.Optional;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
 
-import static com.codahale.metrics.MetricRegistry.name;
-
-public class AccountAuthenticator extends BaseAccountAuthenticator implements Authenticator<BasicCredentials, Account> {
-
-  private static final String AUTHENTICATION_COUNTER_NAME     = name(AccountAuthenticator.class, "authenticate");
-  private static final String GV2_CAPABLE_TAG_NAME            = "gv1Migration";
+public class AccountAuthenticator extends BaseAccountAuthenticator implements
+    Authenticator<BasicCredentials, AuthenticatedAccount> {
 
   public AccountAuthenticator(AccountsManager accountsManager) {
     super(accountsManager);
   }
 
   @Override
-  public Optional<Account> authenticate(BasicCredentials basicCredentials) {
-    final Optional<Account> maybeAccount = super.authenticate(basicCredentials, true);
-
-    // TODO Remove this temporary counter when we can replace it with more generic feature adoption system
-    maybeAccount.ifPresent(account -> {
-      Metrics.counter(AUTHENTICATION_COUNTER_NAME, GV2_CAPABLE_TAG_NAME, String.valueOf(account.isGv1MigrationSupported())).increment();
-    });
-
-    return maybeAccount;
+  public Optional<AuthenticatedAccount> authenticate(BasicCredentials basicCredentials) {
+    return super.authenticate(basicCredentials, true);
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/AmbiguousIdentifier.java

@@ -1,45 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.auth;
-
-import java.util.UUID;
-
-public class AmbiguousIdentifier {
-
-  private final UUID   uuid;
-  private final String number;
-
-  public AmbiguousIdentifier(String target) {
-    if (target.startsWith("+")) {
-      this.uuid   = null;
-      this.number = target;
-    } else {
-      this.uuid   = UUID.fromString(target);
-      this.number = null;
-    }
-  }
-
-  public UUID getUuid() {
-    return uuid;
-  }
-
-  public String getNumber() {
-    return number;
-  }
-
-  public boolean hasUuid() {
-    return uuid != null;
-  }
-
-  public boolean hasNumber() {
-    return number != null;
-  }
-
-  @Override
-  public String toString() {
-    return hasUuid() ? uuid.toString() : number;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthEnablementRefreshRequirementProvider.java

@@ -0,0 +1,100 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import com.google.common.annotations.VisibleForTesting;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import org.glassfish.jersey.server.ContainerRequest;
+import org.glassfish.jersey.server.monitoring.RequestEvent;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
+import org.whispersystems.textsecuregcm.storage.Device;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+/**
+ * This {@link WebsocketRefreshRequirementProvider} observes intra-request changes in {@link Account#isEnabled()} and
+ * {@link Device#isEnabled()}.
+ * <p>
+ * If a change in {@link Account#isEnabled()} or any associated {@link Device#isEnabled()} is observed, then any active
+ * WebSocket connections for the account must be closed in order for clients to get a refreshed
+ * {@link io.dropwizard.auth.Auth} object with a current device list.
+ *
+ * @see AuthenticatedAccount
+ * @see DisabledPermittedAuthenticatedAccount
+ */
+public class AuthEnablementRefreshRequirementProvider implements WebsocketRefreshRequirementProvider {
+
+  private final AccountsManager accountsManager;
+
+  private static final Logger logger = LoggerFactory.getLogger(AuthEnablementRefreshRequirementProvider.class);
+
+  private static final String ACCOUNT_UUID = AuthEnablementRefreshRequirementProvider.class.getName() + ".accountUuid";
+  private static final String DEVICES_ENABLED = AuthEnablementRefreshRequirementProvider.class.getName() + ".devicesEnabled";
+
+  public AuthEnablementRefreshRequirementProvider(final AccountsManager accountsManager) {
+    this.accountsManager = accountsManager;
+  }
+
+  @VisibleForTesting
+  static Map<Long, Boolean> buildDevicesEnabledMap(final Account account) {
+    return account.getDevices().stream().collect(Collectors.toMap(Device::getId, Device::isEnabled));
+  }
+
+  @Override
+  public void handleRequestFiltered(final RequestEvent requestEvent) {
+    if (requestEvent.getUriInfo().getMatchedResourceMethod().getInvocable().getHandlingMethod().getAnnotation(ChangesDeviceEnabledState.class) != null) {
+      // The authenticated principal, if any, will be available after filters have run.
+      // Now that the account is known, capture a snapshot of `isEnabled` for the account's devices before carrying out
+      // the request’s business logic.
+      ContainerRequestUtil.getAuthenticatedAccount(requestEvent.getContainerRequest()).ifPresent(account ->
+          setAccount(requestEvent.getContainerRequest(), account));
+    }
+  }
+
+  public static void setAccount(final ContainerRequest containerRequest, final Account account) {
+    containerRequest.setProperty(ACCOUNT_UUID, account.getUuid());
+    containerRequest.setProperty(DEVICES_ENABLED, buildDevicesEnabledMap(account));
+  }
+
+  @Override
+  public List<Pair<UUID, Long>> handleRequestFinished(final RequestEvent requestEvent) {
+    // Now that the request is finished, check whether `isEnabled` changed for any of the devices. If the value did
+    // change or if a devices was added or removed, all devices must disconnect and reauthenticate.
+    if (requestEvent.getContainerRequest().getProperty(DEVICES_ENABLED) != null) {
+
+      @SuppressWarnings("unchecked") final Map<Long, Boolean> initialDevicesEnabled =
+          (Map<Long, Boolean>) requestEvent.getContainerRequest().getProperty(DEVICES_ENABLED);
+
+      return accountsManager.getByAccountIdentifier((UUID) requestEvent.getContainerRequest().getProperty(ACCOUNT_UUID)).map(account -> {
+        final Set<Long> deviceIdsToDisplace;
+        final Map<Long, Boolean> currentDevicesEnabled = buildDevicesEnabledMap(account);
+
+        if (!initialDevicesEnabled.equals(currentDevicesEnabled)) {
+          deviceIdsToDisplace = new HashSet<>(initialDevicesEnabled.keySet());
+          deviceIdsToDisplace.addAll(currentDevicesEnabled.keySet());
+        } else {
+          deviceIdsToDisplace = Collections.emptySet();
+        }
+
+        return deviceIdsToDisplace.stream()
+            .map(deviceId -> new Pair<>(account.getUuid(), deviceId))
+            .collect(Collectors.toList());
+      }).orElseGet(() -> {
+        logger.error("Request had account, but it is no longer present");
+        return Collections.emptyList();
+      });
+    } else
+      return Collections.emptyList();
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthenticatedAccount.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import java.security.Principal;
+import java.util.function.Supplier;
+import javax.security.auth.Subject;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.Device;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+public class AuthenticatedAccount implements Principal, AccountAndAuthenticatedDeviceHolder {
+
+  private final Supplier<Pair<Account, Device>> accountAndDevice;
+
+  public AuthenticatedAccount(final Supplier<Pair<Account, Device>> accountAndDevice) {
+    this.accountAndDevice = accountAndDevice;
+  }
+
+  @Override
+  public Account getAccount() {
+    return accountAndDevice.get().first();
+  }
+
+  @Override
+  public Device getAuthenticatedDevice() {
+    return accountAndDevice.get().second();
+  }
+
+  // Principal implementation
+
+  @Override
+  public String getName() {
+    return null;
+  }
+
+  @Override
+  public boolean implies(final Subject subject) {
+    return false;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthorizationHeader.java

@@ -1,81 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.textsecuregcm.auth;
-
-
-import org.whispersystems.textsecuregcm.util.Util;
-
-import java.io.IOException;
-import java.util.Base64;
-
-public class AuthorizationHeader {
-
-  private final AmbiguousIdentifier identifier;
-  private final long                deviceId;
-  private final String              password;
-
-  private AuthorizationHeader(AmbiguousIdentifier identifier, long deviceId, String password) {
-    this.identifier = identifier;
-    this.deviceId   = deviceId;
-    this.password   = password;
-  }
-
-  public static AuthorizationHeader fromUserAndPassword(String user, String password) throws InvalidAuthorizationHeaderException {
-    try {
-      String[] numberAndId = user.split("\\.");
-      return new AuthorizationHeader(new AmbiguousIdentifier(numberAndId[0]),
-                                     numberAndId.length > 1 ? Long.parseLong(numberAndId[1]) : 1,
-                                     password);
-    } catch (NumberFormatException nfe) {
-      throw new InvalidAuthorizationHeaderException(nfe);
-    }
-  }
-
-  public static AuthorizationHeader fromFullHeader(String header) throws InvalidAuthorizationHeaderException {
-    try {
-      if (header == null) {
-        throw new InvalidAuthorizationHeaderException("Null header");
-      }
-
-      String[] headerParts = header.split(" ");
-
-      if (headerParts == null || headerParts.length < 2) {
-        throw new InvalidAuthorizationHeaderException("Invalid authorization header: " + header);
-      }
-
-      if (!"Basic".equals(headerParts[0])) {
-        throw new InvalidAuthorizationHeaderException("Unsupported authorization method: " + headerParts[0]);
-      }
-
-      String concatenatedValues = new String(Base64.getDecoder().decode(headerParts[1]));
-
-      if (Util.isEmpty(concatenatedValues)) {
-        throw new InvalidAuthorizationHeaderException("Bad decoded value: " + concatenatedValues);
-      }
-
-      String[] credentialParts = concatenatedValues.split(":");
-
-      if (credentialParts == null || credentialParts.length < 2) {
-        throw new InvalidAuthorizationHeaderException("Badly formated credentials: " + concatenatedValues);
-      }
-
-      return fromUserAndPassword(credentialParts[0], credentialParts[1]);
-    } catch (IllegalArgumentException e) {
-      throw new InvalidAuthorizationHeaderException(e);
-    }
-  }
-
-  public AmbiguousIdentifier getIdentifier() {
-    return identifier;
-  }
-
-  public long getDeviceId() {
-    return deviceId;
-  }
-
-  public String getPassword() {
-    return password;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/auth/BaseAccountAuthenticator.java

@@ -1,49 +1,39 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
 package org.whispersystems.textsecuregcm.auth;
 
-import com.codahale.metrics.Meter;
-import com.codahale.metrics.MetricRegistry;
-import com.codahale.metrics.SharedMetricRegistries;
+import static com.codahale.metrics.MetricRegistry.name;
+
 import com.google.common.annotations.VisibleForTesting;
 import io.dropwizard.auth.basic.BasicCredentials;
-import io.micrometer.core.instrument.DistributionSummary;
 import io.micrometer.core.instrument.Metrics;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.storage.Account;
-import org.whispersystems.textsecuregcm.storage.AccountsManager;
-import org.whispersystems.textsecuregcm.storage.Device;
-import org.whispersystems.textsecuregcm.util.Constants;
-import org.whispersystems.textsecuregcm.util.Util;
-
+import io.micrometer.core.instrument.Tags;
 import java.time.Clock;
 import java.time.Duration;
 import java.time.temporal.ChronoUnit;
 import java.util.Optional;
-
-import static com.codahale.metrics.MetricRegistry.name;
+import java.util.UUID;
+import org.apache.commons.lang3.StringUtils;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
+import org.whispersystems.textsecuregcm.storage.Device;
+import org.whispersystems.textsecuregcm.storage.RefreshingAccountAndDeviceSupplier;
+import org.whispersystems.textsecuregcm.util.Pair;
+import org.whispersystems.textsecuregcm.util.Util;
 
 public class BaseAccountAuthenticator {
 
-  private final MetricRegistry metricRegistry               = SharedMetricRegistries.getOrCreate(Constants.METRICS_NAME);
-  private final Meter          authenticationFailedMeter    = metricRegistry.meter(name(getClass(), "authentication", "failed"         ));
-  private final Meter          authenticationSucceededMeter = metricRegistry.meter(name(getClass(), "authentication", "succeeded"      ));
-  private final Meter          noSuchAccountMeter           = metricRegistry.meter(name(getClass(), "authentication", "noSuchAccount"  ));
-  private final Meter          noSuchDeviceMeter            = metricRegistry.meter(name(getClass(), "authentication", "noSuchDevice"   ));
-  private final Meter          accountDisabledMeter         = metricRegistry.meter(name(getClass(), "authentication", "accountDisabled"));
-  private final Meter          deviceDisabledMeter          = metricRegistry.meter(name(getClass(), "authentication", "deviceDisabled" ));
-  private final Meter          invalidAuthHeaderMeter       = metricRegistry.meter(name(getClass(), "authentication", "invalidHeader"  ));
-
-  private final String daysSinceLastSeenDistributionName = name(getClass(), "authentication", "daysSinceLastSeen");
+  private static final String AUTHENTICATION_COUNTER_NAME = name(BaseAccountAuthenticator.class, "authentication");
+  private static final String AUTHENTICATION_SUCCEEDED_TAG_NAME = "succeeded";
+  private static final String AUTHENTICATION_FAILURE_REASON_TAG_NAME = "reason";
+  private static final String AUTHENTICATION_ENABLED_REQUIRED_TAG_NAME = "enabledRequired";
 
+  private static final String DAYS_SINCE_LAST_SEEN_DISTRIBUTION_NAME = name(BaseAccountAuthenticator.class, "daysSinceLastSeen");
   private static final String IS_PRIMARY_DEVICE_TAG = "isPrimary";
 
-  private final Logger logger = LoggerFactory.getLogger(BaseAccountAuthenticator.class);
-
   private final AccountsManager accountsManager;
   private final Clock           clock;
 
@@ -57,65 +47,100 @@ public class BaseAccountAuthenticator {
     this.clock           = clock;
   }
 
-  public Optional<Account> authenticate(BasicCredentials basicCredentials, boolean enabledRequired) {
-    try {
-      AuthorizationHeader authorizationHeader = AuthorizationHeader.fromUserAndPassword(basicCredentials.getUsername(), basicCredentials.getPassword());
-      Optional<Account>   account             = accountsManager.get(authorizationHeader.getIdentifier());
+  static Pair<String, Long> getIdentifierAndDeviceId(final String basicUsername) {
+    final String identifier;
+    final long deviceId;
 
-      if (!account.isPresent()) {
-        noSuchAccountMeter.mark();
+    final int deviceIdSeparatorIndex = basicUsername.indexOf('.');
+
+    if (deviceIdSeparatorIndex == -1) {
+      identifier = basicUsername;
+      deviceId = Device.MASTER_ID;
+    } else {
+      identifier = basicUsername.substring(0, deviceIdSeparatorIndex);
+      deviceId = Long.parseLong(basicUsername.substring(deviceIdSeparatorIndex + 1));
+    }
+
+    return new Pair<>(identifier, deviceId);
+  }
+
+  public Optional<AuthenticatedAccount> authenticate(BasicCredentials basicCredentials, boolean enabledRequired) {
+    boolean succeeded = false;
+    String failureReason = null;
+
+    try {
+      final UUID accountUuid;
+      final long deviceId;
+      {
+        final Pair<String, Long> identifierAndDeviceId = getIdentifierAndDeviceId(basicCredentials.getUsername());
+
+        accountUuid = UUID.fromString(identifierAndDeviceId.first());
+        deviceId = identifierAndDeviceId.second();
+      }
+
+      Optional<Account> account = accountsManager.getByAccountIdentifier(accountUuid);
+
+      if (account.isEmpty()) {
+        failureReason = "noSuchAccount";
         return Optional.empty();
       }
 
-      Optional<Device> device = account.get().getDevice(authorizationHeader.getDeviceId());
+      Optional<Device> device = account.get().getDevice(deviceId);
 
-      if (!device.isPresent()) {
-        noSuchDeviceMeter.mark();
+      if (device.isEmpty()) {
+        failureReason = "noSuchDevice";
         return Optional.empty();
       }
 
       if (enabledRequired) {
         if (!device.get().isEnabled()) {
-          deviceDisabledMeter.mark();
+          failureReason = "deviceDisabled";
           return Optional.empty();
         }
 
         if (!account.get().isEnabled()) {
-          accountDisabledMeter.mark();
+          failureReason = "accountDisabled";
           return Optional.empty();
         }
       }
 
       if (device.get().getAuthenticationCredentials().verify(basicCredentials.getPassword())) {
-        authenticationSucceededMeter.mark();
-        account.get().setAuthenticatedDevice(device.get());
-        updateLastSeen(account.get(), device.get());
-        return account;
+        succeeded = true;
+        final Account authenticatedAccount = updateLastSeen(account.get(), device.get());
+        return Optional.of(new AuthenticatedAccount(
+            new RefreshingAccountAndDeviceSupplier(authenticatedAccount, device.get().getId(), accountsManager)));
       }
 
-      authenticationFailedMeter.mark();
       return Optional.empty();
     } catch (IllegalArgumentException | InvalidAuthorizationHeaderException iae) {
-      invalidAuthHeaderMeter.mark();
+      failureReason = "invalidHeader";
       return Optional.empty();
+    } finally {
+      Tags tags = Tags.of(
+          AUTHENTICATION_SUCCEEDED_TAG_NAME, String.valueOf(succeeded),
+          AUTHENTICATION_ENABLED_REQUIRED_TAG_NAME, String.valueOf(enabledRequired));
+
+      if (StringUtils.isNotBlank(failureReason)) {
+        tags = tags.and(AUTHENTICATION_FAILURE_REASON_TAG_NAME, failureReason);
+      }
+
+      Metrics.counter(AUTHENTICATION_COUNTER_NAME, tags).increment();
     }
   }
 
   @VisibleForTesting
-  public void updateLastSeen(Account account, Device device) {
+  public Account updateLastSeen(Account account, Device device) {
     final long lastSeenOffsetSeconds   = Math.abs(account.getUuid().getLeastSignificantBits()) % ChronoUnit.DAYS.getDuration().toSeconds();
     final long todayInMillisWithOffset = Util.todayInMillisGivenOffsetFromNow(clock, Duration.ofSeconds(lastSeenOffsetSeconds).negated());
 
     if (device.getLastSeen() < todayInMillisWithOffset) {
-      DistributionSummary.builder(daysSinceLastSeenDistributionName)
-          .tags(IS_PRIMARY_DEVICE_TAG, String.valueOf(device.isMaster()))
-          .publishPercentileHistogram()
-          .register(Metrics.globalRegistry)
+      Metrics.summary(DAYS_SINCE_LAST_SEEN_DISTRIBUTION_NAME, IS_PRIMARY_DEVICE_TAG, String.valueOf(device.isMaster()))
           .record(Duration.ofMillis(todayInMillisWithOffset - device.getLastSeen()).toDays());
 
-      device.setLastSeen(Util.todayInMillis(clock));
-      accountsManager.update(account);
+      return accountsManager.updateDeviceLastSeen(account, device, Util.todayInMillis(clock));
     }
+
+    return account;
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/BasicAuthorizationHeader.java

@@ -0,0 +1,94 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+package org.whispersystems.textsecuregcm.auth;
+
+import java.util.Base64;
+import org.apache.commons.lang3.StringUtils;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+public class BasicAuthorizationHeader {
+
+  private final String username;
+  private final long deviceId;
+  private final String password;
+
+  private BasicAuthorizationHeader(final String username, final long deviceId, final String password) {
+    this.username = username;
+    this.deviceId = deviceId;
+    this.password = password;
+  }
+
+  public static BasicAuthorizationHeader fromString(final String header) throws InvalidAuthorizationHeaderException {
+    try {
+      if (StringUtils.isBlank(header)) {
+        throw new InvalidAuthorizationHeaderException("Blank header");
+      }
+
+      final int spaceIndex = header.indexOf(' ');
+
+      if (spaceIndex == -1) {
+        throw new InvalidAuthorizationHeaderException("Invalid authorization header: " + header);
+      }
+
+      final String authorizationType = header.substring(0, spaceIndex);
+
+      if (!"Basic".equals(authorizationType)) {
+        throw new InvalidAuthorizationHeaderException("Unsupported authorization method: " + authorizationType);
+      }
+
+      final String credentials;
+
+      try {
+        credentials = new String(Base64.getDecoder().decode(header.substring(spaceIndex + 1)));
+      } catch (final IndexOutOfBoundsException e) {
+        throw new InvalidAuthorizationHeaderException("Missing credentials");
+      }
+
+      if (StringUtils.isEmpty(credentials)) {
+        throw new InvalidAuthorizationHeaderException("Bad decoded value: " + credentials);
+      }
+
+      final int credentialSeparatorIndex = credentials.indexOf(':');
+
+      if (credentialSeparatorIndex == -1) {
+        throw new InvalidAuthorizationHeaderException("Badly-formatted credentials: " + credentials);
+      }
+
+      final String usernameComponent = credentials.substring(0, credentialSeparatorIndex);
+
+      final String username;
+      final long deviceId;
+      {
+        final Pair<String, Long> identifierAndDeviceId =
+            BaseAccountAuthenticator.getIdentifierAndDeviceId(usernameComponent);
+
+        username = identifierAndDeviceId.first();
+        deviceId = identifierAndDeviceId.second();
+      }
+
+      final String password = credentials.substring(credentialSeparatorIndex + 1);
+
+      if (StringUtils.isAnyBlank(username, password)) {
+        throw new InvalidAuthorizationHeaderException("Username or password were blank");
+      }
+
+      return new BasicAuthorizationHeader(username, deviceId, password);
+    } catch (final IllegalArgumentException | IndexOutOfBoundsException e) {
+      throw new InvalidAuthorizationHeaderException(e);
+    }
+  }
+
+  public String getUsername() {
+    return username;
+  }
+
+  public long getDeviceId() {
+    return deviceId;
+  }
+
+  public String getPassword() {
+    return password;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/CertificateGenerator.java

@@ -7,18 +7,16 @@ package org.whispersystems.textsecuregcm.auth;
 
 import com.google.protobuf.ByteString;
 import com.google.protobuf.InvalidProtocolBufferException;
-import org.whispersystems.textsecuregcm.crypto.Curve;
-import org.whispersystems.textsecuregcm.crypto.ECPrivateKey;
+import java.security.InvalidKeyException;
+import java.util.Base64;
+import java.util.concurrent.TimeUnit;
+import org.signal.libsignal.protocol.ecc.Curve;
+import org.signal.libsignal.protocol.ecc.ECPrivateKey;
 import org.whispersystems.textsecuregcm.entities.MessageProtos.SenderCertificate;
 import org.whispersystems.textsecuregcm.entities.MessageProtos.ServerCertificate;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.Device;
 
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.util.Base64;
-import java.util.concurrent.TimeUnit;
-
 public class CertificateGenerator {
 
   private final ECPrivateKey      privateKey;
@@ -33,7 +31,7 @@ public class CertificateGenerator {
     this.serverCertificate = ServerCertificate.parseFrom(serverCertificate);
   }
 
-  public byte[] createFor(Account account, Device device, boolean includeE164) throws IOException, InvalidKeyException {
+  public byte[] createFor(Account account, Device device, boolean includeE164) throws InvalidKeyException {
     SenderCertificate.Certificate.Builder builder = SenderCertificate.Certificate.newBuilder()
                                                                                  .setSenderDevice(Math.toIntExact(device.getId()))
                                                                                  .setExpires(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(expiresDays))
@@ -46,7 +44,12 @@ public class CertificateGenerator {
     }
 
     byte[] certificate = builder.build().toByteArray();
-    byte[] signature   = Curve.calculateSignature(privateKey, certificate);
+    byte[] signature;
+    try {
+      signature = Curve.calculateSignature(privateKey, certificate);
+    } catch (org.signal.libsignal.protocol.InvalidKeyException e) {
+      throw new InvalidKeyException(e);
+    }
 
     return SenderCertificate.newBuilder()
                             .setCertificate(ByteString.copyFrom(certificate))

service/src/main/java/org/whispersystems/textsecuregcm/auth/ChangesDeviceEnabledState.java

@@ -0,0 +1,20 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Indicates that an endpoint may change the "enabled" state of one or more devices associated with an account, and that
+ * any websockets associated with the account may need to be refreshed after a call to that endpoint.
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface ChangesDeviceEnabledState {
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/ContainerRequestUtil.java

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import org.glassfish.jersey.server.ContainerRequest;
+import org.whispersystems.textsecuregcm.storage.Account;
+import javax.ws.rs.core.SecurityContext;
+import java.util.Optional;
+
+class ContainerRequestUtil {
+
+  static Optional<Account> getAuthenticatedAccount(final ContainerRequest request) {
+    return Optional.ofNullable(request.getSecurityContext())
+        .map(SecurityContext::getUserPrincipal)
+        .map(principal -> principal instanceof AccountAndAuthenticatedDeviceHolder
+            ? ((AccountAndAuthenticatedDeviceHolder) principal).getAccount() : null);
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/DisabledPermittedAccount.java

@@ -1,36 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.auth;
-
-import org.whispersystems.textsecuregcm.storage.Account;
-
-import javax.security.auth.Subject;
-import java.security.Principal;
-
-public class DisabledPermittedAccount implements Principal  {
-
-  private final Account account;
-
-  public DisabledPermittedAccount(Account account) {
-    this.account = account;
-  }
-
-  public Account getAccount() {
-    return account;
-  }
-
-  // Principal implementation
-
-  @Override
-  public String getName() {
-    return null;
-  }
-
-  @Override
-  public boolean implies(Subject subject) {
-    return false;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/auth/DisabledPermittedAccountAuthenticator.java

@@ -1,27 +1,25 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
 package org.whispersystems.textsecuregcm.auth;
 
-import org.whispersystems.textsecuregcm.storage.Account;
-import org.whispersystems.textsecuregcm.storage.AccountsManager;
-
-import java.util.Optional;
-
 import io.dropwizard.auth.Authenticator;
 import io.dropwizard.auth.basic.BasicCredentials;
+import java.util.Optional;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
 
-public class DisabledPermittedAccountAuthenticator extends BaseAccountAuthenticator implements Authenticator<BasicCredentials, DisabledPermittedAccount> {
+public class DisabledPermittedAccountAuthenticator extends BaseAccountAuthenticator implements
+    Authenticator<BasicCredentials, DisabledPermittedAuthenticatedAccount> {
 
   public DisabledPermittedAccountAuthenticator(AccountsManager accountsManager) {
     super(accountsManager);
   }
-  
+
   @Override
-  public Optional<DisabledPermittedAccount> authenticate(BasicCredentials credentials) {
-    Optional<Account> account = super.authenticate(credentials, false);
-    return account.map(DisabledPermittedAccount::new);
+  public Optional<DisabledPermittedAuthenticatedAccount> authenticate(BasicCredentials credentials) {
+    Optional<AuthenticatedAccount> account = super.authenticate(credentials, false);
+    return account.map(DisabledPermittedAuthenticatedAccount::new);
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/DisabledPermittedAuthenticatedAccount.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import java.security.Principal;
+import javax.security.auth.Subject;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.Device;
+
+public class DisabledPermittedAuthenticatedAccount implements Principal, AccountAndAuthenticatedDeviceHolder {
+
+  private final AuthenticatedAccount authenticatedAccount;
+
+  public DisabledPermittedAuthenticatedAccount(final AuthenticatedAccount authenticatedAccount) {
+    this.authenticatedAccount = authenticatedAccount;
+  }
+
+  @Override
+  public Account getAccount() {
+    return authenticatedAccount.getAccount();
+  }
+
+  @Override
+  public Device getAuthenticatedDevice() {
+    return authenticatedAccount.getAuthenticatedDevice();
+  }
+
+  // Principal implementation
+
+  @Override
+  public String getName() {
+    return null;
+  }
+
+  @Override
+  public boolean implies(Subject subject) {
+    return false;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/ExternalServiceCredentialGenerator.java

@@ -1,97 +1,71 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
 package org.whispersystems.textsecuregcm.auth;
 
-import org.apache.commons.codec.DecoderException;
-import org.apache.commons.codec.binary.Hex;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.util.Util;
-
+import com.google.common.annotations.VisibleForTesting;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.time.Clock;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.concurrent.TimeUnit;
+import org.apache.commons.codec.binary.Hex;
+import org.whispersystems.textsecuregcm.util.Util;
 
 public class ExternalServiceCredentialGenerator {
 
-  private final Logger logger = LoggerFactory.getLogger(ExternalServiceCredentialGenerator.class);
-
   private final byte[] key;
   private final byte[] userIdKey;
   private final boolean usernameDerivation;
+  private final boolean prependUsername;
+  private final Clock clock;
 
-  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation) {
-    this.key                = key;
-    this.userIdKey          = userIdKey;
-    this.usernameDerivation = usernameDerivation;
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey) {
+    this(key, userIdKey, true, true);
   }
 
-  public ExternalServiceCredentials generateFor(String number) {
-    Mac    mac                = getMacInstance();
-    String username           = getUserId(number, mac, usernameDerivation);
-    long   currentTimeSeconds = System.currentTimeMillis() / 1000;
-    String prefix             = username + ":"  + currentTimeSeconds;
-    String output             = Hex.encodeHexString(Util.truncate(getHmac(key, prefix.getBytes(), mac), 10));
-    String token              = prefix + ":" + output;
+  public ExternalServiceCredentialGenerator(byte[] key, boolean prependUsername) {
+    this(key, new byte[0], false, prependUsername);
+  }
+
+  @VisibleForTesting
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation) {
+    this(key, userIdKey, usernameDerivation, true);
+  }
+
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
+      boolean prependUsername) {
+    this(key, userIdKey, usernameDerivation, prependUsername, Clock.systemUTC());
+  }
+
+  @VisibleForTesting
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
+      boolean prependUsername, Clock clock) {
+    this.key = key;
+    this.userIdKey = userIdKey;
+    this.usernameDerivation = usernameDerivation;
+    this.prependUsername = prependUsername;
+    this.clock = clock;
+  }
+
+  public ExternalServiceCredentials generateFor(String identity) {
+    Mac mac = getMacInstance();
+    String username = getUserId(identity, mac, usernameDerivation);
+    long currentTimeSeconds = clock.millis() / 1000;
+    String prefix = username + ":" + currentTimeSeconds;
+    String output = Hex.encodeHexString(Util.truncate(getHmac(key, prefix.getBytes(), mac), 10));
+    String token = (prependUsername ? prefix : currentTimeSeconds) + ":" + output;
 
     return new ExternalServiceCredentials(username, token);
   }
 
-
-  public boolean isValid(String token, String number, long currentTimeMillis) {
-    String[] parts = token.split(":");
-    Mac      mac   = getMacInstance();
-
-    if (parts.length != 3) {
-      return false;
-    }
-
-    if (!getUserId(number, mac, usernameDerivation).equals(parts[0])) {
-      return false;
-    }
-
-    if (!isValidTime(parts[1], currentTimeMillis)) {
-      return false;
-    }
-
-    return isValidSignature(parts[0] + ":" + parts[1], parts[2], mac);
-  }
-
   private String getUserId(String number, Mac mac, boolean usernameDerivation) {
     if (usernameDerivation) return Hex.encodeHexString(Util.truncate(getHmac(userIdKey, number.getBytes(), mac), 10));
     else                    return number;
   }
 
-  private boolean isValidTime(String timeString, long currentTimeMillis) {
-    try {
-      long tokenTime = Long.parseLong(timeString);
-      long ourTime   = TimeUnit.MILLISECONDS.toSeconds(currentTimeMillis);
-
-      return TimeUnit.SECONDS.toHours(Math.abs(ourTime - tokenTime)) < 24;
-    } catch (NumberFormatException e) {
-      logger.warn("Number Format", e);
-      return false;
-    }
-  }
-
-  private boolean isValidSignature(String prefix, String suffix, Mac mac) {
-    try {
-      byte[] ourSuffix   = Util.truncate(getHmac(key, prefix.getBytes(), mac), 10);
-      byte[] theirSuffix = Hex.decodeHex(suffix.toCharArray());
-
-      return MessageDigest.isEqual(ourSuffix, theirSuffix);
-    } catch (DecoderException e) {
-      logger.warn("DirectoryCredentials", e);
-      return false;
-    }
-  }
-
   private Mac getMacInstance() {
     try {
       return Mac.getInstance("HmacSHA256");

service/src/main/java/org/whispersystems/textsecuregcm/auth/InvalidAuthorizationHeaderException.java

@@ -5,12 +5,15 @@
 package org.whispersystems.textsecuregcm.auth;
 
 
-public class InvalidAuthorizationHeaderException extends Exception {
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response.Status;
+
+public class InvalidAuthorizationHeaderException extends WebApplicationException {
   public InvalidAuthorizationHeaderException(String s) {
-    super(s);
+    super(s, Status.UNAUTHORIZED);
   }
 
   public InvalidAuthorizationHeaderException(Exception e) {
-    super(e);
+    super(e, Status.UNAUTHORIZED);
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/OptionalAccess.java

@@ -8,6 +8,8 @@ package org.whispersystems.textsecuregcm.auth;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.Device;
 
+import javax.ws.rs.NotAuthorizedException;
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
 import java.security.MessageDigest;
@@ -36,9 +38,9 @@ public class OptionalAccess {
         }
 
         if (requestAccount.isPresent()) {
-          throw new WebApplicationException(Response.Status.NOT_FOUND);
+          throw new NotFoundException();
         } else {
-          throw new WebApplicationException(Response.Status.UNAUTHORIZED);
+          throw new NotAuthorizedException(Response.Status.UNAUTHORIZED);
         }
       }
     } catch (NumberFormatException e) {
@@ -56,7 +58,7 @@ public class OptionalAccess {
 
     //noinspection ConstantConditions
     if (requestAccount.isPresent() && (targetAccount.isEmpty() || (targetAccount.isPresent() && !targetAccount.get().isEnabled()))) {
-      throw new WebApplicationException(Response.Status.NOT_FOUND);
+      throw new NotFoundException();
     }
 
     if (accessKey.isPresent() && targetAccount.isPresent() && targetAccount.get().isEnabled() && targetAccount.get().isUnrestrictedUnidentifiedAccess()) {
@@ -72,7 +74,7 @@ public class OptionalAccess {
       return;
     }
 
-    throw new WebApplicationException(Response.Status.UNAUTHORIZED);
+    throw new NotAuthorizedException(Response.Status.UNAUTHORIZED);
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/PhoneNumberChangeRefreshRequirementProvider.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import org.glassfish.jersey.server.monitoring.RequestEvent;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+public class PhoneNumberChangeRefreshRequirementProvider implements WebsocketRefreshRequirementProvider {
+
+  private static final String INITIAL_NUMBER_KEY =
+      PhoneNumberChangeRefreshRequirementProvider.class.getName() + ".initialNumber";
+
+  @Override
+  public void handleRequestFiltered(final RequestEvent requestEvent) {
+    ContainerRequestUtil.getAuthenticatedAccount(requestEvent.getContainerRequest())
+        .ifPresent(account -> requestEvent.getContainerRequest().setProperty(INITIAL_NUMBER_KEY, account.getNumber()));
+  }
+
+  @Override
+  public List<Pair<UUID, Long>> handleRequestFinished(final RequestEvent requestEvent) {
+    final String initialNumber = (String) requestEvent.getContainerRequest().getProperty(INITIAL_NUMBER_KEY);
+
+    if (initialNumber != null) {
+      final Optional<Account> maybeAuthenticatedAccount =
+          ContainerRequestUtil.getAuthenticatedAccount(requestEvent.getContainerRequest());
+
+      return maybeAuthenticatedAccount
+          .filter(account -> !initialNumber.equals(account.getNumber()))
+          .map(account -> account.getDevices().stream()
+              .map(device -> new Pair<>(account.getUuid(), device.getId()))
+              .collect(Collectors.toList()))
+          .orElse(Collections.emptyList());
+    } else {
+      return Collections.emptyList();
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredRegistrationLock.java

@@ -9,7 +9,6 @@ import com.google.common.annotations.VisibleForTesting;
 import org.whispersystems.textsecuregcm.util.Util;
 
 import javax.annotation.Nullable;
-import java.security.MessageDigest;
 import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 
@@ -20,42 +19,33 @@ public class StoredRegistrationLock {
 
   private final Optional<String> registrationLockSalt;
 
-  private final Optional<String> deprecatedPin;
-
   private final long             lastSeen;
 
-  public StoredRegistrationLock(Optional<String> registrationLock, Optional<String> registrationLockSalt, Optional<String> deprecatedPin, long lastSeen) {
+  public StoredRegistrationLock(Optional<String> registrationLock, Optional<String> registrationLockSalt, long lastSeen) {
     this.registrationLock     = registrationLock;
     this.registrationLockSalt = registrationLockSalt;
-    this.deprecatedPin        = deprecatedPin;
     this.lastSeen             = lastSeen;
   }
 
   public boolean requiresClientRegistrationLock() {
-    return ((registrationLock.isPresent() && registrationLockSalt.isPresent())  || deprecatedPin.isPresent()) && System.currentTimeMillis() - lastSeen < TimeUnit.DAYS.toMillis(7);
+    return registrationLock.isPresent() && registrationLockSalt.isPresent() && System.currentTimeMillis() - lastSeen < TimeUnit.DAYS.toMillis(7);
   }
 
   public boolean needsFailureCredentials() {
     return registrationLock.isPresent() && registrationLockSalt.isPresent();
   }
 
-  public boolean hasDeprecatedPin() {
-    return deprecatedPin.isPresent();
-  }
-
   public long getTimeRemaining() {
     return TimeUnit.DAYS.toMillis(7) - (System.currentTimeMillis() - lastSeen);
   }
 
-  public boolean verify(@Nullable String clientRegistrationLock, @Nullable String clientDeprecatedPin) {
-    if (Util.isEmpty(clientRegistrationLock) && Util.isEmpty(clientDeprecatedPin)) {
+  public boolean verify(@Nullable String clientRegistrationLock) {
+    if (Util.isEmpty(clientRegistrationLock)) {
       return false;
     }
 
     if (registrationLock.isPresent() && registrationLockSalt.isPresent() && !Util.isEmpty(clientRegistrationLock)) {
       return new AuthenticationCredentials(registrationLock.get(), registrationLockSalt.get()).verify(clientRegistrationLock);
-    } else if (deprecatedPin.isPresent() && !Util.isEmpty(clientDeprecatedPin)) {
-      return MessageDigest.isEqual(deprecatedPin.get().getBytes(), clientDeprecatedPin.getBytes());
     } else {
       return false;
     }
@@ -63,6 +53,6 @@ public class StoredRegistrationLock {
 
   @VisibleForTesting
   public StoredRegistrationLock forTime(long timestamp) {
-    return new StoredRegistrationLock(registrationLock, registrationLockSalt, deprecatedPin, timestamp);
+    return new StoredRegistrationLock(registrationLock, registrationLockSalt, timestamp);
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCode.java

@@ -5,36 +5,38 @@
 
 package org.whispersystems.textsecuregcm.auth;
 
+import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
-
-import org.whispersystems.textsecuregcm.util.Util;
-
 import java.security.MessageDigest;
+import java.time.Duration;
 import java.util.Optional;
-import java.util.concurrent.TimeUnit;
+import javax.annotation.Nullable;
+import org.whispersystems.textsecuregcm.util.Util;
 
 public class StoredVerificationCode {
 
   @JsonProperty
-  private String code;
+  private final String code;
 
   @JsonProperty
-  private long timestamp;
+  private final long timestamp;
 
   @JsonProperty
-  private String pushCode;
+  private final String pushCode;
 
   @JsonProperty
-  private String twilioVerificationSid;
+  @Nullable
+  private final String twilioVerificationSid;
 
-  public StoredVerificationCode() {
-  }
+  public static final Duration EXPIRATION = Duration.ofMinutes(10);
 
-  public StoredVerificationCode(String code, long timestamp, String pushCode) {
-    this(code, timestamp, pushCode, null);
-  }
+  @JsonCreator
+  public StoredVerificationCode(
+      @JsonProperty("code") final String code,
+      @JsonProperty("timestamp") final long timestamp,
+      @JsonProperty("pushCode") final String pushCode,
+      @JsonProperty("twilioVerificationSid") @Nullable final String twilioVerificationSid) {
 
-  public StoredVerificationCode(String code, long timestamp, String pushCode, String twilioVerificationSid) {
     this.code = code;
     this.timestamp = timestamp;
     this.pushCode = pushCode;
@@ -58,10 +60,6 @@ public class StoredVerificationCode {
   }
 
   public boolean isValid(String theirCodeString) {
-    if (timestamp + TimeUnit.MINUTES.toMillis(10) < System.currentTimeMillis()) {
-      return false;
-    }
-
     if (Util.isEmpty(code) || Util.isEmpty(theirCodeString)) {
       return false;
     }

service/src/main/java/org/whispersystems/textsecuregcm/auth/TurnToken.java

@@ -6,6 +6,7 @@
 package org.whispersystems.textsecuregcm.auth;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import com.google.common.annotations.VisibleForTesting;
 
 import java.util.List;
 
@@ -25,4 +26,9 @@ public class TurnToken {
     this.password = password;
     this.urls     = urls;
   }
+
+  @VisibleForTesting
+  List<String> getUrls() {
+    return urls;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/TurnTokenGenerator.java

@@ -5,7 +5,12 @@
 
 package org.whispersystems.textsecuregcm.auth;
 
-import org.whispersystems.textsecuregcm.configuration.TurnConfiguration;
+import org.whispersystems.textsecuregcm.configuration.TurnUriConfiguration;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicTurnConfiguration;
+import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
+import org.whispersystems.textsecuregcm.util.Pair;
+import org.whispersystems.textsecuregcm.util.WeightedRandomSelect;
 
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
@@ -14,20 +19,21 @@ import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Base64;
 import java.util.List;
+import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 
 public class TurnTokenGenerator {
 
-  private final byte[]       key;
-  private final List<String> urls;
+  private final DynamicConfigurationManager<DynamicConfiguration> dynamicConfiguration;
 
-  public TurnTokenGenerator(TurnConfiguration configuration) {
-    this.key  = configuration.getSecret().getBytes();
-    this.urls = configuration.getUris();
+  public TurnTokenGenerator(final DynamicConfigurationManager<DynamicConfiguration> config) {
+    this.dynamicConfiguration = config;
   }
 
-  public TurnToken generate() {
+  public TurnToken generate(final String e164) {
     try {
+      byte[] key                = dynamicConfiguration.getConfiguration().getTurnConfiguration().getSecret().getBytes();
+      List<String> urls         = urls(e164);
       Mac    mac                = Mac.getInstance("HmacSHA1");
       long   validUntilSeconds  = (System.currentTimeMillis() + TimeUnit.DAYS.toMillis(1)) / 1000;
       long   user               = Math.abs(new SecureRandom().nextInt());
@@ -41,4 +47,22 @@ public class TurnTokenGenerator {
       throw new AssertionError(e);
     }
   }
+
+  private List<String> urls(final String e164) {
+    final DynamicTurnConfiguration turnConfig = dynamicConfiguration.getConfiguration().getTurnConfiguration();
+
+    // Check if number is enrolled to test out specific turn servers
+    final Optional<TurnUriConfiguration> enrolled = turnConfig.getUriConfigs().stream()
+        .filter(config -> config.getEnrolledNumbers().contains(e164))
+        .findFirst();
+    if (enrolled.isPresent()) {
+      return enrolled.get().getUris();
+    }
+
+    // Otherwise, select from turn server sets by weighted choice
+    return WeightedRandomSelect.select(turnConfig
+        .getUriConfigs()
+        .stream()
+        .map(c -> new Pair<List<String>, Long>(c.getUris(), c.getWeight())).toList());
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/WebsocketRefreshApplicationEventListener.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import org.glassfish.jersey.server.monitoring.ApplicationEvent;
+import org.glassfish.jersey.server.monitoring.ApplicationEventListener;
+import org.glassfish.jersey.server.monitoring.RequestEvent;
+import org.glassfish.jersey.server.monitoring.RequestEventListener;
+import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
+
+/**
+ * Delegates request events to a listener that watches for intra-request changes that require websocket refreshes
+ */
+public class WebsocketRefreshApplicationEventListener implements ApplicationEventListener {
+
+  private final WebsocketRefreshRequestEventListener websocketRefreshRequestEventListener;
+
+  public WebsocketRefreshApplicationEventListener(final AccountsManager accountsManager,
+      final ClientPresenceManager clientPresenceManager) {
+
+    this.websocketRefreshRequestEventListener = new WebsocketRefreshRequestEventListener(clientPresenceManager,
+        new AuthEnablementRefreshRequirementProvider(accountsManager),
+        new PhoneNumberChangeRefreshRequirementProvider());
+  }
+
+  @Override
+  public void onEvent(final ApplicationEvent event) {
+  }
+
+  @Override
+  public RequestEventListener onRequest(final RequestEvent requestEvent) {
+    return websocketRefreshRequestEventListener;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/WebsocketRefreshRequestEventListener.java

@@ -0,0 +1,74 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import static org.whispersystems.textsecuregcm.metrics.MetricsUtil.name;
+
+import io.micrometer.core.instrument.Counter;
+import io.micrometer.core.instrument.Metrics;
+import java.util.Arrays;
+import java.util.concurrent.atomic.AtomicInteger;
+import javax.ws.rs.container.ResourceInfo;
+import javax.ws.rs.core.Context;
+import org.glassfish.jersey.server.monitoring.RequestEvent;
+import org.glassfish.jersey.server.monitoring.RequestEvent.Type;
+import org.glassfish.jersey.server.monitoring.RequestEventListener;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
+
+public class WebsocketRefreshRequestEventListener implements RequestEventListener {
+
+  private final ClientPresenceManager clientPresenceManager;
+  private final WebsocketRefreshRequirementProvider[] providers;
+
+  private static final Counter DISPLACED_ACCOUNTS = Metrics.counter(
+      name(WebsocketRefreshRequestEventListener.class, "displacedAccounts"));
+
+  private static final Counter DISPLACED_DEVICES = Metrics.counter(
+      name(WebsocketRefreshRequestEventListener.class, "displacedDevices"));
+
+  private static final Logger logger = LoggerFactory.getLogger(WebsocketRefreshRequestEventListener.class);
+
+  public WebsocketRefreshRequestEventListener(
+      final ClientPresenceManager clientPresenceManager,
+      final WebsocketRefreshRequirementProvider... providers) {
+
+    this.clientPresenceManager = clientPresenceManager;
+    this.providers = providers;
+  }
+
+  @Context
+  private ResourceInfo resourceInfo;
+
+  @Override
+  public void onEvent(final RequestEvent event) {
+    if (event.getType() == Type.REQUEST_FILTERED) {
+      for (final WebsocketRefreshRequirementProvider provider : providers) {
+        provider.handleRequestFiltered(event);
+      }
+    } else if (event.getType() == Type.FINISHED) {
+      final AtomicInteger displacedDevices = new AtomicInteger(0);
+
+      Arrays.stream(providers)
+          .flatMap(provider -> provider.handleRequestFinished(event).stream())
+          .distinct()
+          .forEach(pair -> {
+            try {
+              displacedDevices.incrementAndGet();
+              clientPresenceManager.disconnectPresence(pair.first(), pair.second());
+            } catch (final Exception e) {
+              logger.error("Could not displace device presence", e);
+            }
+          });
+
+      if (displacedDevices.get() > 0) {
+        DISPLACED_ACCOUNTS.increment();
+        DISPLACED_DEVICES.increment(displacedDevices.get());
+      }
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/WebsocketRefreshRequirementProvider.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import java.util.List;
+import java.util.UUID;
+import org.glassfish.jersey.server.monitoring.RequestEvent;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+/**
+ * A websocket refresh requirement provider watches for intra-request changes (e.g. to authentication status) that
+ * require a websocket refresh.
+ */
+public interface WebsocketRefreshRequirementProvider {
+
+  /**
+   * Processes a request after filters have run and the request has been mapped to a destination controller.
+   *
+   * @param requestEvent the request event to observe
+   */
+  void handleRequestFiltered(RequestEvent requestEvent);
+
+  /**
+   * Processes a request after all normal request handling has been completed.
+   *
+   * @param requestEvent the request event to observe
+   * @return a list of pairs of account UUID/device ID pairs identifying websockets that need to be refreshed as a
+   * result of the observed request
+   */
+  List<Pair<UUID, Long>> handleRequestFinished(RequestEvent requestEvent);
+}

service/src/main/java/org/whispersystems/textsecuregcm/badges/BadgeTranslator.java

@@ -0,0 +1,14 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.badges;
+
+import java.util.List;
+import java.util.Locale;
+import org.whispersystems.textsecuregcm.entities.Badge;
+
+public interface BadgeTranslator {
+  Badge translate(List<Locale> acceptableLanguages, String badgeId);
+}

service/src/main/java/org/whispersystems/textsecuregcm/badges/ConfiguredProfileBadgeConverter.java

@@ -0,0 +1,131 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.badges;
+
+import com.google.common.annotations.VisibleForTesting;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.ResourceBundle;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import org.signal.i18n.HeaderControlledResourceBundleLookup;
+import org.whispersystems.textsecuregcm.configuration.BadgeConfiguration;
+import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
+import org.whispersystems.textsecuregcm.entities.Badge;
+import org.whispersystems.textsecuregcm.entities.BadgeSvg;
+import org.whispersystems.textsecuregcm.entities.SelfBadge;
+import org.whispersystems.textsecuregcm.storage.AccountBadge;
+
+public class ConfiguredProfileBadgeConverter implements ProfileBadgeConverter, BadgeTranslator {
+
+  @VisibleForTesting
+  static final String BASE_NAME = "org.signal.badges.Badges";
+
+  private final Clock clock;
+  private final Map<String, BadgeConfiguration> knownBadges;
+  private final List<String> badgeIdsEnabledForAll;
+  private final HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup;
+
+  public ConfiguredProfileBadgeConverter(
+      final Clock clock,
+      final BadgesConfiguration badgesConfiguration,
+      final HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup) {
+    this.clock = clock;
+    this.knownBadges = badgesConfiguration.getBadges().stream()
+        .collect(Collectors.toMap(BadgeConfiguration::getId, Function.identity()));
+    this.badgeIdsEnabledForAll = badgesConfiguration.getBadgeIdsEnabledForAll();
+    this.headerControlledResourceBundleLookup = headerControlledResourceBundleLookup;
+  }
+
+  @Override
+  public Badge translate(final List<Locale> acceptableLanguages, final String badgeId) {
+    final ResourceBundle resourceBundle = headerControlledResourceBundleLookup.getResourceBundle(BASE_NAME,
+        acceptableLanguages);
+    final BadgeConfiguration configuration = knownBadges.get(badgeId);
+    return newBadge(
+        false,
+        configuration.getId(),
+        configuration.getCategory(),
+        resourceBundle.getString(configuration.getId() + "_name"),
+        resourceBundle.getString(configuration.getId() + "_description"),
+        configuration.getSprites(),
+        configuration.getSvg(),
+        configuration.getSvgs(),
+        null,
+        false);
+  }
+
+  @Override
+  public List<Badge> convert(
+      final List<Locale> acceptableLanguages,
+      final List<AccountBadge> accountBadges,
+      final boolean isSelf) {
+    if (accountBadges.isEmpty() && badgeIdsEnabledForAll.isEmpty()) {
+      return List.of();
+    }
+
+    final Instant now = clock.instant();
+    final ResourceBundle resourceBundle = headerControlledResourceBundleLookup.getResourceBundle(BASE_NAME,
+        acceptableLanguages);
+    List<Badge> badges = accountBadges.stream()
+        .filter(accountBadge -> (isSelf || accountBadge.isVisible())
+            && now.isBefore(accountBadge.getExpiration())
+            && knownBadges.containsKey(accountBadge.getId()))
+        .map(accountBadge -> {
+          BadgeConfiguration configuration = knownBadges.get(accountBadge.getId());
+          return newBadge(
+              isSelf,
+              accountBadge.getId(),
+              configuration.getCategory(),
+              resourceBundle.getString(accountBadge.getId() + "_name"),
+              resourceBundle.getString(accountBadge.getId() + "_description"),
+              configuration.getSprites(),
+              configuration.getSvg(),
+              configuration.getSvgs(),
+              accountBadge.getExpiration(),
+              accountBadge.isVisible());
+        })
+        .collect(Collectors.toCollection(ArrayList::new));
+    badges.addAll(badgeIdsEnabledForAll.stream().filter(knownBadges::containsKey).map(id -> {
+      BadgeConfiguration configuration = knownBadges.get(id);
+      return newBadge(
+          isSelf,
+          id,
+          configuration.getCategory(),
+          resourceBundle.getString(id + "_name"),
+          resourceBundle.getString(id + "_description"),
+          configuration.getSprites(),
+          configuration.getSvg(),
+          configuration.getSvgs(),
+          now.plus(Duration.ofDays(1)),
+          true);
+    }).collect(Collectors.toList()));
+    return badges;
+  }
+
+  private Badge newBadge(
+      final boolean isSelf,
+      final String id,
+      final String category,
+      final String name,
+      final String description,
+      final List<String> sprites,
+      final String svg,
+      final List<BadgeSvg> svgs,
+      final Instant expiration,
+      final boolean visible) {
+    if (isSelf) {
+      return new SelfBadge(id, category, name, description, sprites, svg, svgs, expiration, visible);
+    } else {
+      return new Badge(id, category, name, description, sprites, svg, svgs);
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/badges/LevelTranslator.java

@@ -0,0 +1,13 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.badges;
+
+import java.util.List;
+import java.util.Locale;
+
+public interface LevelTranslator {
+  String translate(List<Locale> acceptableLanguages, String badgeId);
+}

service/src/main/java/org/whispersystems/textsecuregcm/badges/ProfileBadgeConverter.java

@@ -0,0 +1,20 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.badges;
+
+import java.util.List;
+import java.util.Locale;
+import org.whispersystems.textsecuregcm.entities.Badge;
+import org.whispersystems.textsecuregcm.storage.AccountBadge;
+
+public interface ProfileBadgeConverter {
+
+  /**
+   * Converts the {@link AccountBadge}s for an account into the objects
+   * that can be returned on a profile fetch.
+   */
+  List<Badge> convert(List<Locale> acceptableLanguages, List<AccountBadge> accountBadges, boolean isSelf);
+}

service/src/main/java/org/whispersystems/textsecuregcm/badges/ResourceBundleLevelTranslator.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.badges;
+
+import java.util.List;
+import java.util.Locale;
+import java.util.Objects;
+import java.util.ResourceBundle;
+import javax.annotation.Nonnull;
+import org.signal.i18n.HeaderControlledResourceBundleLookup;
+
+public class ResourceBundleLevelTranslator implements LevelTranslator {
+
+  private static final String BASE_NAME = "org.signal.subscriptions.Subscriptions";
+
+  private final HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup;
+
+  public ResourceBundleLevelTranslator(
+      @Nonnull final HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup) {
+    this.headerControlledResourceBundleLookup = Objects.requireNonNull(headerControlledResourceBundleLookup);
+  }
+
+  @Override
+  public String translate(final List<Locale> acceptableLanguages, final String badgeId) {
+    final ResourceBundle resourceBundle = headerControlledResourceBundleLookup.getResourceBundle(BASE_NAME,
+        acceptableLanguages);
+    return resourceBundle.getString(badgeId);
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/AbusiveMessageFilterConfiguration.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import javax.validation.constraints.NotBlank;
+
+public class AbusiveMessageFilterConfiguration {
+
+  @JsonProperty
+  @NotBlank
+  private final String environment;
+
+  @JsonCreator
+  public AbusiveMessageFilterConfiguration(@JsonProperty("environment") final String environment) {
+    this.environment = environment;
+  }
+
+  public String getEnvironment() {
+    return environment;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/AccountsDatabaseConfiguration.java

@@ -1,23 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import javax.validation.Valid;
-import javax.validation.constraints.NotNull;
-
-public class AccountsDatabaseConfiguration extends DatabaseConfiguration {
-
-    @JsonProperty
-    @NotNull
-    @Valid
-    private RetryConfiguration keyOperationRetry = new RetryConfiguration();
-
-    public RetryConfiguration getKeyOperationRetryConfiguration() {
-        return keyOperationRetry;
-    }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/AccountsDynamoDbConfiguration.java

@@ -1,13 +0,0 @@
-package org.whispersystems.textsecuregcm.configuration;
-
-import javax.validation.constraints.NotNull;
-
-public class AccountsDynamoDbConfiguration extends DynamoDbConfiguration {
-
-  @NotNull
-  private String phoneNumberTableName;
-
-  public String getPhoneNumberTableName() {
-    return phoneNumberTableName;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/AccountsTableConfiguration.java

@@ -0,0 +1,49 @@
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import org.whispersystems.textsecuregcm.configuration.DynamoDbTables.Table;
+import javax.validation.constraints.NotBlank;
+
+public class AccountsTableConfiguration extends Table {
+
+  private final String phoneNumberTableName;
+  private final String phoneNumberIdentifierTableName;
+  private final String usernamesTableName;
+  private final int scanPageSize;
+
+  @JsonCreator
+  public AccountsTableConfiguration(
+      @JsonProperty("tableName") final String tableName,
+      @JsonProperty("phoneNumberTableName") final String phoneNumberTableName,
+      @JsonProperty("phoneNumberIdentifierTableName") final String phoneNumberIdentifierTableName,
+      @JsonProperty("usernamesTableName") final String usernamesTableName,
+      @JsonProperty("scanPageSize") final int scanPageSize) {
+
+    super(tableName);
+
+    this.phoneNumberTableName = phoneNumberTableName;
+    this.phoneNumberIdentifierTableName = phoneNumberIdentifierTableName;
+    this.usernamesTableName = usernamesTableName;
+    this.scanPageSize = scanPageSize;
+  }
+
+  @NotBlank
+  public String getPhoneNumberTableName() {
+    return phoneNumberTableName;
+  }
+
+  @NotBlank
+  public String getPhoneNumberIdentifierTableName() {
+    return phoneNumberIdentifierTableName;
+  }
+
+  @NotBlank
+  public String getUsernamesTableName() {
+    return usernamesTableName;
+  }
+
+  public int getScanPageSize() {
+    return scanPageSize;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/BadgeConfiguration.java

@@ -0,0 +1,68 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.List;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.entities.BadgeSvg;
+import org.whispersystems.textsecuregcm.util.ExactlySize;
+
+public class BadgeConfiguration {
+  public static final String CATEGORY_TESTING = "testing";
+
+  private final String id;
+  private final String category;
+  private final List<String> sprites;
+  private final String svg;
+  private final List<BadgeSvg> svgs;
+
+  @JsonCreator
+  public BadgeConfiguration(
+      @JsonProperty("id") final String id,
+      @JsonProperty("category") final String category,
+      @JsonProperty("sprites") final List<String> sprites,
+      @JsonProperty("svg") final String svg,
+      @JsonProperty("svgs") final List<BadgeSvg> svgs) {
+    this.id = id;
+    this.category = category;
+    this.sprites = sprites;
+    this.svg = svg;
+    this.svgs = svgs;
+  }
+
+  @NotEmpty
+  public String getId() {
+    return id;
+  }
+
+  @NotEmpty
+  public String getCategory() {
+    return category;
+  }
+
+  @NotNull
+  @ExactlySize(6)
+  public List<String> getSprites() {
+    return sprites;
+  }
+
+  @NotEmpty
+  public String getSvg() {
+    return svg;
+  }
+
+  @NotNull
+  public List<BadgeSvg> getSvgs() {
+    return svgs;
+  }
+
+  public boolean isTestBadge() {
+    return CATEGORY_TESTING.equals(category);
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/BadgesConfiguration.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonSetter;
+import com.fasterxml.jackson.annotation.Nulls;
+import io.dropwizard.validation.ValidationMethod;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+import javax.validation.Valid;
+import javax.validation.constraints.NotNull;
+
+public class BadgesConfiguration {
+  private final List<BadgeConfiguration> badges;
+  private final List<String> badgeIdsEnabledForAll;
+  private final Map<Long, String> receiptLevels;
+
+  @JsonCreator
+  public BadgesConfiguration(
+      @JsonProperty("badges") @JsonSetter(nulls = Nulls.AS_EMPTY) final List<BadgeConfiguration> badges,
+      @JsonProperty("badgeIdsEnabledForAll") @JsonSetter(nulls = Nulls.AS_EMPTY) final List<String> badgeIdsEnabledForAll,
+      @JsonProperty("receiptLevels") @JsonSetter(nulls = Nulls.AS_EMPTY) final Map<Long, String> receiptLevels) {
+    this.badges = Objects.requireNonNull(badges);
+    this.badgeIdsEnabledForAll = Objects.requireNonNull(badgeIdsEnabledForAll);
+    this.receiptLevels = Objects.requireNonNull(receiptLevels);
+  }
+
+  @Valid
+  @NotNull
+  public List<BadgeConfiguration> getBadges() {
+    return badges;
+  }
+
+  @Valid
+  @NotNull
+  public List<String> getBadgeIdsEnabledForAll() {
+    return badgeIdsEnabledForAll;
+  }
+
+  @Valid
+  @NotNull
+  public Map<Long, String> getReceiptLevels() {
+    return receiptLevels;
+  }
+
+  @JsonIgnore
+  @ValidationMethod(message = "contains receipt level mappings that are not configured badges")
+  public boolean isAllReceiptLevelsConfigured() {
+    final Set<String> badgeNames = badges.stream().map(BadgeConfiguration::getId).collect(Collectors.toSet());
+    return badgeNames.containsAll(receiptLevels.values());
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/BoostConfiguration.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.math.BigDecimal;
+import java.time.Duration;
+import java.util.List;
+import java.util.Map;
+import javax.validation.Valid;
+import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.util.ExactlySize;
+
+public class BoostConfiguration {
+
+  private final long level;
+  private final Duration expiration;
+  private final Map<String, List<BigDecimal>> currencies;
+  private final String badge;
+
+  @JsonCreator
+  public BoostConfiguration(
+      @JsonProperty("level") long level,
+      @JsonProperty("expiration") Duration expiration,
+      @JsonProperty("currencies") Map<String, List<BigDecimal>> currencies,
+      @JsonProperty("badge") String badge) {
+    this.level = level;
+    this.expiration = expiration;
+    this.currencies = currencies;
+    this.badge = badge;
+  }
+
+  public long getLevel() {
+    return level;
+  }
+
+  @NotNull
+  public Duration getExpiration() {
+    return expiration;
+  }
+
+  @Valid
+  @NotNull
+  public Map<@NotEmpty String, @Valid @ExactlySize(6) List<@DecimalMin("0.01") @NotNull BigDecimal>> getCurrencies() {
+    return currencies;
+  }
+
+  @NotEmpty
+  public String getBadge() {
+    return badge;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/CircuitBreakerConfiguration.java

@@ -7,15 +7,15 @@ package org.whispersystems.textsecuregcm.configuration;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.google.common.annotations.VisibleForTesting;
-
+import io.github.resilience4j.circuitbreaker.CircuitBreakerConfig;
+import java.time.Duration;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
 import javax.validation.constraints.Max;
 import javax.validation.constraints.Min;
 import javax.validation.constraints.NotNull;
 
-import java.time.Duration;
-
-import io.github.resilience4j.circuitbreaker.CircuitBreakerConfig;
-
 public class CircuitBreakerConfiguration {
 
   @JsonProperty
@@ -39,6 +39,9 @@ public class CircuitBreakerConfiguration {
   @Min(1)
   private long waitDurationInOpenStateInSeconds = 10;
 
+  @JsonProperty
+  private List<String> ignoredExceptions = Collections.emptyList();
+
 
   public int getFailureRateThreshold() {
     return failureRateThreshold;
@@ -56,6 +59,18 @@ public class CircuitBreakerConfiguration {
     return waitDurationInOpenStateInSeconds;
   }
 
+  public List<Class> getIgnoredExceptions() {
+      return ignoredExceptions.stream()
+          .map(name -> {
+             try {
+               return Class.forName(name);
+             } catch (final ClassNotFoundException e) {
+               throw new RuntimeException(e);
+             }
+          })
+          .collect(Collectors.toList());
+  }
+
   @VisibleForTesting
   public void setFailureRateThreshold(int failureRateThreshold) {
     this.failureRateThreshold = failureRateThreshold;
@@ -76,9 +91,15 @@ public class CircuitBreakerConfiguration {
     this.waitDurationInOpenStateInSeconds = seconds;
   }
 
+  @VisibleForTesting
+  public void setIgnoredExceptions(final List<String> ignoredExceptions) {
+    this.ignoredExceptions = ignoredExceptions;
+  }
+
   public CircuitBreakerConfig toCircuitBreakerConfig() {
     return CircuitBreakerConfig.custom()
                         .failureRateThreshold(getFailureRateThreshold())
+                        .ignoreExceptions(getIgnoredExceptions().toArray(new Class[0]))
                         .ringBufferSizeInHalfOpenState(getRingBufferSizeInHalfOpenState())
                         .waitDurationInOpenState(Duration.ofSeconds(getWaitDurationInOpenStateInSeconds()))
                         .ringBufferSizeInClosedState(getRingBufferSizeInClosedState())