Return an empty response if somebody requests a profile key credential with a non-existent version

This will make it start last and shut down first, which is pretty much what we want for shutdown state monitoring

.github/workflows/test.yml

@@ -9,16 +9,10 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Set up JDK 11
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@3bc31aaf88e8fc94dc1e632d48af61be5ca8721c
         with:
-          distribution: 'adopt'
-          java-version: 11
-      - name: Cache local Maven repository
-        uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          distribution: 'temurin'
+          java-version: 17
+          cache: 'maven'
       - name: Build with Maven
         run: mvn -e -B verify

.gitignore

@@ -21,3 +21,8 @@ put.sh
 deployer-staging.properties
 deployer-production.properties
 deployer.log
+/service/src/main/resources/org/signal/badges/Badges_*.properties
+!/service/src/main/resources/org/signal/badges/Badges_en.properties
+/service/src/main/resources/org/signal/subscriptions/Subscriptions_*.properties
+!/service/src/main/resources/org/signal/subscriptions/Subscriptions_en.properties
+/.tx/config

.gitmodules

@@ -0,0 +1,11 @@
+# Note that the implementation of the abusive message filter is private; internal
+# developers will need to override this URL with:
+#
+# ```
+# git config submodule.abusive-message-filter.url PRIVATE_URL
+# ```
+#
+# External developers may safely ignore this submodule.
+[submodule "abusive-message-filter"]
+	path = abusive-message-filter
+	url = REDACTED

LICENSE

@@ -615,3 +615,47 @@ reviewing courts shall apply local law that most closely approximates
 an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

pom.xml

@@ -21,6 +21,19 @@
     </repository>
   </repositories>
 
+  <pluginRepositories>
+    <pluginRepository>
+      <id>ossrh-snapshots</id>
+      <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+      <releases>
+        <enabled>false</enabled>
+      </releases>
+      <snapshots>
+        <enabled>true</enabled>
+      </snapshots>
+    </pluginRepository>
+  </pluginRepositories>
+
   <modules>
     <module>redis-dispatch</module>
     <module>websocket-resources</module>
@@ -34,24 +47,27 @@
     <commons-codec.version>1.15</commons-codec.version>
     <commons-csv.version>1.8</commons-csv.version>
     <commons-io.version>2.9.0</commons-io.version>
-    <dropwizard.version>2.0.22</dropwizard.version>
+    <dropwizard.version>2.0.26</dropwizard.version>
+    <dropwizard-metrics-datadog.version>1.1.13</dropwizard-metrics-datadog.version>
+    <gson.version>2.8.8</gson.version>
     <guava.version>30.1.1-jre</guava.version>
     <jaxb.version>2.3.1</jaxb.version>
     <jedis.version>2.9.0</jedis.version>
     <lettuce.version>6.0.4.RELEASE</lettuce.version>
-    <libphonenumber.version>8.12.23</libphonenumber.version>
+    <libphonenumber.version>8.12.33</libphonenumber.version>
     <logstash.logback.version>6.6</logstash.logback.version>
     <micrometer.version>1.5.3</micrometer.version>
-    <mockito.version>2.25.1</mockito.version>
+    <mockito.version>4.0.0</mockito.version>
     <netty.version>4.1.65.Final</netty.version>
     <netty.tcnative-boringssl-static.version>2.0.39.Final</netty.tcnative-boringssl-static.version>
     <opentest4j.version>1.2.0</opentest4j.version>
     <postgresql.version>9.4-1201-jdbc41</postgresql.version>
     <protobuf.version>3.17.1</protobuf.version>
-    <pushy.version>0.14.2</pushy.version>
+    <pushy.version>0.15.0</pushy.version>
     <resilience4j.version>1.5.0</resilience4j.version>
     <semver4j.version>3.1.0</semver4j.version>
     <slf4j.version>1.7.30</slf4j.version>
+    <stripe.version>20.79.0</stripe.version>
 
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>
@@ -90,6 +106,13 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency>
+        <groupId>com.google.cloud</groupId>
+        <artifactId>libraries-bom</artifactId>
+        <version>20.9.0</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
       <dependency>
         <groupId>io.github.resilience4j</groupId>
         <artifactId>resilience4j-bom</artifactId>
@@ -171,6 +194,11 @@
         <artifactId>commons-csv</artifactId>
         <version>${commons-csv.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.coursera</groupId>
+        <artifactId>dropwizard-metrics-datadog</artifactId>
+        <version>${dropwizard-metrics-datadog.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.glassfish.jaxb</groupId>
         <artifactId>jaxb-runtime</artifactId>
@@ -217,6 +245,47 @@
         <artifactId>jedis</artifactId>
         <version>${jedis.version}</version>
       </dependency>
+      <dependency>
+        <groupId>commons-logging</groupId>
+        <artifactId>commons-logging</artifactId>
+        <version>1.2</version>
+      </dependency>
+      <dependency>
+        <groupId>org.ow2.asm</groupId>
+        <artifactId>asm</artifactId>
+        <version>9.2</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>com.stripe</groupId>
+        <artifactId>stripe-java</artifactId>
+        <version>${stripe.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.google.code.gson</groupId>
+        <artifactId>gson</artifactId>
+        <version>${gson.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.signal</groupId>
+        <artifactId>embedded-redis</artifactId>
+        <version>0.8.1</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>io.zonky.test.postgres</groupId>
+        <artifactId>embedded-postgres-binaries-bom</artifactId>
+        <version>11.13.0</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-bom</artifactId>
+        <version>2.16.0</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
@@ -230,7 +299,7 @@
     <dependency>
       <groupId>com.github.tomakehurst</groupId>
       <artifactId>wiremock-jre8</artifactId>
-      <version>2.27.2</version>
+      <version>2.32.0</version>
       <scope>test</scope>
       <exclusions>
         <exclusion>
@@ -262,6 +331,29 @@
 
   </dependencies>
 
+  <profiles>
+    <profile>
+      <id>include-abusive-message-filter</id>
+      <activation>
+        <file>
+          <exists>abusive-message-filter/pom.xml</exists>
+        </file>
+      </activation>
+      <modules>
+        <module>abusive-message-filter</module>
+      </modules>
+    </profile>
+
+    <profile>
+      <id>exclude-abusive-message-filter</id>
+      <activation>
+        <file>
+          <missing>abusive-message-filter/pom.xml</missing>
+        </file>
+      </activation>
+    </profile>
+  </profiles>
+
   <build>
     <extensions>
       <extension>
@@ -277,7 +369,8 @@
         <artifactId>protobuf-maven-plugin</artifactId>
         <version>0.6.1</version>
         <configuration>
-          <protocArtifact>com.google.protobuf:protoc:3.17.2:exe:${os.detected.classifier}</protocArtifact>
+          <protocArtifact>com.google.protobuf:protoc:3.18.0:exe:${os.detected.classifier}</protocArtifact>
+          <checkStaleness>true</checkStaleness>
         </configuration>
         <executions>
           <execution>
@@ -294,8 +387,7 @@
         <artifactId>maven-compiler-plugin</artifactId>
         <version>3.8.1</version>
         <configuration>
-          <source>11</source>
-          <target>11</target>
+          <release>17</release>
         </configuration>
       </plugin>
 
@@ -359,7 +451,7 @@
               <rules>
                 <dependencyConvergence/>
                 <requireMavenVersion>
-                  <version>3.0.0</version>
+                  <version>3.8.3</version>
                 </requireMavenVersion>
               </rules>
             </configuration>

redis-dispatch/src/main/java/org/whispersystems/dispatch/DispatchChannel.java

@@ -5,7 +5,7 @@
 package org.whispersystems.dispatch;
 
 public interface DispatchChannel {
-  public void onDispatchMessage(String channel, byte[] message);
-  public void onDispatchSubscribed(String channel);
-  public void onDispatchUnsubscribed(String channel);
+  void onDispatchMessage(String channel, byte[] message);
+  void onDispatchSubscribed(String channel);
+  void onDispatchUnsubscribed(String channel);
 }

redis-dispatch/src/main/java/org/whispersystems/dispatch/DispatchManager.java

@@ -59,9 +59,7 @@ public class DispatchManager extends Thread {
       logger.warn("Subscription error", e);
     }
 
-    if (previous.isPresent()) {
-      dispatchUnsubscription(name, previous.get());
-    }
+    previous.ifPresent(channel -> dispatchUnsubscription(name, channel));
   }
 
   public synchronized void unsubscribe(String name, DispatchChannel channel) {
@@ -132,46 +130,28 @@ public class DispatchManager extends Thread {
   }
 
   private void resubscribeAll() {
-    new Thread() {
-      @Override
-      public void run() {
-        synchronized (DispatchManager.this) {
-          try {
-            for (String name : subscriptions.keySet()) {
-              pubSubConnection.subscribe(name);
-            }
-          } catch (IOException e) {
-            logger.warn("***** RESUBSCRIPTION ERROR *****", e);
+    new Thread(() -> {
+      synchronized (DispatchManager.this) {
+        try {
+          for (String name : subscriptions.keySet()) {
+            pubSubConnection.subscribe(name);
           }
+        } catch (IOException e) {
+          logger.warn("***** RESUBSCRIPTION ERROR *****", e);
         }
       }
-    }.start();
+    }).start();
   }
 
   private void dispatchMessage(final String name, final DispatchChannel channel, final byte[] message) {
-    executor.execute(new Runnable() {
-      @Override
-      public void run() {
-        channel.onDispatchMessage(name, message);
-      }
-    });
+    executor.execute(() -> channel.onDispatchMessage(name, message));
   }
 
   private void dispatchSubscription(final String name, final DispatchChannel channel) {
-    executor.execute(new Runnable() {
-      @Override
-      public void run() {
-        channel.onDispatchSubscribed(name);
-      }
-    });
+    executor.execute(() -> channel.onDispatchSubscribed(name));
   }
 
   private void dispatchUnsubscription(final String name, final DispatchChannel channel) {
-    executor.execute(new Runnable() {
-      @Override
-      public void run() {
-        channel.onDispatchUnsubscribed(name);
-      }
-    });
+    executor.execute(() -> channel.onDispatchUnsubscribed(name));
   }
 }

redis-dispatch/src/main/java/org/whispersystems/dispatch/io/RedisInputStream.java

@@ -20,7 +20,7 @@ public class RedisInputStream {
   }
 
   public String readLine() throws IOException {
-    ByteArrayOutputStream boas = new ByteArrayOutputStream();
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
 
     boolean foundCr = false;
 
@@ -31,14 +31,14 @@ public class RedisInputStream {
         throw new IOException("Stream closed!");
       }
 
-      boas.write(character);
+      baos.write(character);
 
       if      (foundCr && character == LF) break;
       else if (character == CR)            foundCr = true;
       else if (foundCr)                    foundCr = false;
     }
 
-    byte[] data = boas.toByteArray();
+    byte[] data = baos.toByteArray();
     return new String(data, 0, data.length-2);
   }
 

redis-dispatch/src/main/java/org/whispersystems/dispatch/io/RedisPubSubConnectionFactory.java

@@ -8,6 +8,6 @@ import org.whispersystems.dispatch.redis.PubSubConnection;
 
 public interface RedisPubSubConnectionFactory {
 
-  public PubSubConnection connect();
+  PubSubConnection connect();
 
 }

service/config/sample.yml

@@ -1,114 +1,316 @@
+# Example, relatively minimal, configuration that passes validation (see `io.dropwizard.cli.CheckCommand`)
+#
+# `unset` values will need to be set to work properly.
+# Most other values are technically valid for a local/demonstration environment, but are probably not production-ready.
+
+stripe:
+  apiKey: unset
+  idempotencyKeyGenerator: abcdefg12345678= # base64 for creating request idempotency hash
+  boostDescription: >
+    Example
+
+dynamoDbClientConfiguration:
+  region: us-west-2 # AWS Region
+
+dynamoDbTables:
+  accounts:
+    tableName: Example_Accounts
+    phoneNumberTableName: Example_Accounts_PhoneNumbers
+    phoneNumberIdentifierTableName: Example_Accounts_PhoneNumberIdentifiers
+    usernamesTableName: Example_Accounts_Usernames
+    scanPageSize: 100
+  deletedAccounts:
+    tableName: Example_DeletedAccounts
+    needsReconciliationIndexName: NeedsReconciliation
+  deletedAccountsLock:
+    tableName: Example_DeletedAccountsLock
+  issuedReceipts:
+    tableName: Example_IssuedReceipts
+    expiration: P30D # Duration of time until rows expire
+    generator: abcdefg12345678= # random base64-encoded binary sequence
+  keys:
+    tableName: Example_Keys
+  messages:
+    tableName: Example_Messages
+    expiration: P30D # Duration of time until rows expire
+  pendingAccounts:
+    tableName: Example_PendingAccounts
+  pendingDevices:
+    tableName: Example_PendingDevices
+  phoneNumberIdentifiers:
+    tableName: Example_PhoneNumberIdentifiers
+  profiles:
+    tableName: Example_Profiles
+  pushChallenge:
+    tableName: Example_PushChallenge
+  redeemedReceipts:
+    tableName: Example_RedeemedReceipts
+    expiration: P30D # Duration of time until rows expire
+  remoteConfig:
+    tableName: Example_RemoteConfig
+  reportMessage:
+    tableName: Example_ReportMessage
+  reservedUsernames:
+    tableName: Example_ReservedUsernames
+  subscriptions:
+    tableName: Example_Subscriptions
+
 twilio: # Twilio gateway configuration
-  accountId: 
-  accountToken: 
-  nanpaMessagingServiceSid: # Twilio SID for the messaging service to use for NANPA.
-  messagingServiceSid: # Twilio SID for the message service to use for non-NANPA.
-  verifyServiceSid: # Twilio SID for a Verify service
-  localDomain: # Domain Twilio can connect back to for calls. Should be domain of your service.
+  accountId: unset
+  accountToken: unset
+  nanpaMessagingServiceSid: unset # Twilio SID for the messaging service to use for NANPA.
+  messagingServiceSid: unset # Twilio SID for the message service to use for non-NANPA.
+  verifyServiceSid: unset # Twilio SID for a Verify service
+  localDomain: example.com # Domain Twilio can connect back to for calls. Should be domain of your service.
   defaultClientVerificationTexts:
-    ios: # Text to use for the verification message on iOS. Will be passed to String.format with the verification code as argument 1.
-    androidNg: # Text to use for the verification message on android-ng client types. Will be passed to String.format with the verification code as argument 1.
-    android202001: # Text to use for the verification message on android-2020-01 client types. Will be passed to String.format with the verification code as argument 1.
-    android202103: # Text to use for the verification message on android-2021-03 client types. Will be passed to String.format with the verification code as argument 1.
-    generic: # Text to use when the client type is unrecognized. Will be passed to String.format with the verification code as argument 1.
+    ios: example %1$s # Text to use for the verification message on iOS. Will be passed to String.format with the verification code as argument 1.
+    androidNg: example %1$s # Text to use for the verification message on android-ng client types. Will be passed to String.format with the verification code as argument 1.
+    android202001: example %1$s # Text to use for the verification message on android-2020-01 client types. Will be passed to String.format with the verification code as argument 1.
+    android202103: example %1$s # Text to use for the verification message on android-2021-03 client types. Will be passed to String.format with the verification code as argument 1.
+    generic: example %1$s # Text to use when the client type is unrecognized. Will be passed to String.format with the verification code as argument 1.
   regionalClientVerificationTexts: # Map of country codes to custom texts
     999: # example country code
-      ios:
-      # … all keys from defaultClientVerificationTexts are required
-  androidAppHash: # Hash appended to Android
-  verifyServiceFriendlyName: # Service name used in template. Requires Twilio account rep to enable
+      ios: example %1$s # all keys from defaultClientVerificationTexts are required
+      androidNg: example %1$s
+      android202001: example %1$s
+      android202103: example %1$s
+      generic: example %1$s
+  androidAppHash: example # Hash appended to Android
+  verifyServiceFriendlyName: example # Service name used in template. Requires Twilio account rep to enable
 
 push:
-  queueSize: # Size of push pending queue
-
-redphone:
-  authKey: # Deprecated
+  queueSize: 1000 # Size of push pending queue
 
 turn: # TURN server configuration
-  secret: # TURN server secret
+  secret: example # TURN server secret
   uris:
-    - stun:yourdomain:80
-    - stun:yourdomain.com:443
-    - turn:yourdomain:443?transport=udp
-    - turn:etc.com:80?transport=udp
+    - stun:example.com:80
+    - stun:another.example.com:443
+    - turn:example.com:443?transport=udp
+    - turn:ya.example.com:80?transport=udp
 
 cacheCluster: # Redis server configuration for cache cluster
-  urls:
+  configurationUri: redis://redis.example.com:6379/
+
+clientPresenceCluster: # Redis server configuration for client presence cluster
+  configurationUri: redis://redis.example.com:6379/
+
+pubsub: # Redis server configuration for pubsub cluster
+  url: redis://redis.example.com:6379/
+  replicaUrls:
     - redis://redis.example.com:6379/
 
+pushSchedulerCluster: # Redis server configuration for push scheduler cluster
+  configurationUri: redis://redis.example.com:6379/
+
+rateLimitersCluster: # Redis server configuration for rate limiters cluster
+  configurationUri: redis://redis.example.com:6379/
+
 directory:
   client: # Configuration for interfacing with Contact Discovery Service cluster
-    userAuthenticationTokenSharedSecret: # hex-encoded secret shared with CDS used to generate auth tokens for Signal users
-    userAuthenticationTokenUserIdSecret: # hex-encoded secret shared among Signal-Servers to obscure user phone numbers from CDS
+    userAuthenticationTokenSharedSecret: 00000f # hex-encoded secret shared with CDS used to generate auth tokens for Signal users
+    userAuthenticationTokenUserIdSecret: 00000f # hex-encoded secret shared among Signal-Servers to obscure user phone numbers from CDS
   sqs:
-    accessKey:      # AWS SQS accessKey
-    accessSecret:   # AWS SQS accessSecret
-    queueUrl:       # AWS SQS queue url
-  server:
-    replicationUrl:                # CDS replication endpoint base url
-    replicationPassword:           # CDS replication endpoint password
-    replicationCaCertificate:      # CDS replication endpoint TLS certificate trust root
-    reconciliationChunkSize:       # CDS reconciliation chunk size
-    reconciliationChunkIntervalMs: # CDS reconciliation chunk interval, in milliseconds
+    accessKey: test     # AWS SQS accessKey
+    accessSecret: test  # AWS SQS accessSecret
+    queueUrls: # AWS SQS queue urls
+      - https://sqs.example.com/directory.fifo
+  server: # One or more CDS servers
+    - replicationName: example           # CDS replication name
+      replicationUrl: cds.example.com    # CDS replication endpoint base url
+      replicationPassword: example       # CDS replication endpoint password
+      replicationCaCertificate: |        # CDS replication endpoint TLS certificate trust root
+        -----BEGIN CERTIFICATE-----
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+        AAAAAAAAAAAAAAAAAAAA
+        -----END CERTIFICATE-----
+
+directoryV2:
+  client: # Configuration for interfacing with Contact Discovery Service v2 cluster
+    userAuthenticationTokenSharedSecret: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG= # base64-encoded secret shared with CDS to generate auth tokens for Signal users
 
 messageCache: # Redis server configuration for message store cache
-  persistDelayMinutes:
-
+  persistDelayMinutes: 1
   cluster:
-    urls:
-      - redis://redis.example.com:6379/
-
-messageStore: # Postgresql database configuration for message store
-  driverClass: org.postgresql.Driver
-  user:
-  password:
-  url:
+    configurationUri: redis://redis.example.com:6379/
 
 metricsCluster:
-  urls:
-    - redis://redis.example.com:6379/
+  configurationUri: redis://redis.example.com:6379/
 
 awsAttachments: # AWS S3 configuration
-  accessKey:
-  accessSecret:
-  bucket:
-  region:
+  accessKey: test
+  accessSecret: test
+  bucket: aws-attachments
+  region: us-west-2
 
 gcpAttachments: # GCP Storage configuration
-  domain:
-  email:
-  maxSizeInBytes:
+  domain: example.com
+  email: user@example.cocm
+  maxSizeInBytes: 1024
   pathPrefix:
-  rsaSigningKey:
+  rsaSigningKey: |
+    -----BEGIN PRIVATE KEY-----
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    AAAAAAAA
+    -----END PRIVATE KEY-----
 
-profiles: # AWS S3 configuration
-  accessKey:
-  accessSecret:
-  bucket:
-  region:
-
-database: # Postgresql database configuration
+abuseDatabase: # Postgresql database configuration
   driverClass: org.postgresql.Driver
-  user:
-  password:
-  url:
+  user: example
+  password: password
+  url: jdbc:postgresql://example.com:5432/abusedb
+
+accountDatabaseCrawler:
+  chunkSize: 10           # accounts per run
+  chunkIntervalMs: 60000  # time per run
 
 apn: # Apple Push Notifications configuration
   sandbox: true
-  bundleId:
-  keyId:
-  teamId:
-  signingKey:
+  bundleId: com.example.textsecuregcm
+  keyId: unset
+  teamId: unset
+  signingKey: |
+    -----BEGIN PRIVATE KEY-----
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    AAAAAAAA
+    -----END PRIVATE KEY-----
 
 gcm: # GCM Configuration
-  senderId:
-  apiKey:
+  senderId: 123456789
+  apiKey: unset
 
-micrometer: # Micrometer metrics config
-  - name: "example"
-  - uri: "https://metrics.example.com/"
-  - apiKey:
-  - accountId:
+cdn:
+  accessKey: test    # AWS Access Key ID
+  accessSecret: test # AWS Access Secret
+  bucket: cdn        # S3 Bucket name
+  region: us-west-2  # AWS region
+
+datadog:
+  apiKey: unset
+  environment: dev
+
+unidentifiedDelivery:
+  certificate: ABCD1234
+  privateKey: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789AAAAAAA
+  expiresDays: 7
+
+voiceVerification:
+  url: https://cdn-ca.signal.org/verification/
+  locales:
+    - en
+
+recaptcha:
+  secret: unset
+
+recaptchaV2:
+  siteKey: unset
+  scoreFloor: 1.0
+  projectPath: projects/example
+  credentialConfigurationJson: "{ }" # service account configuration for backend authentication
+
+storageService:
+  uri: storage.example.com
+  userAuthenticationTokenSharedSecret: 00000f
+  storageCaCertificate: |
+    -----BEGIN CERTIFICATE-----
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    AAAAAAAAAAAAAAAAAAAA
+    -----END CERTIFICATE-----
+
+backupService:
+  uri: backup.example.com
+  userAuthenticationTokenSharedSecret: 00000f
+  backupCaCertificate: |
+    -----BEGIN CERTIFICATE-----
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    AAAAAAAAAAAAAAAAAAAA
+    -----END CERTIFICATE-----
+
+zkConfig:
+  serverPublic: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+  serverSecret: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzAA==
+
+appConfig:
+  application: example
+  environment: example
+  configuration: example
 
 remoteConfig:
   authorizedTokens:
@@ -117,23 +319,64 @@ remoteConfig:
     - # ...
     - # Nth authorized token
   globalConfig: # keys and values that are given to clients on GET /v1/config
+    EXAMPLE_KEY: VALUE
 
-paymentService:
-  userAuthenticationTokenSharedSecret: # hex-encoded 32-byte secret shared with MobileCoin services used to generate auth tokens for Signal users
+paymentsService:
+  userAuthenticationTokenSharedSecret: 0000000f0000000f0000000f0000000f0000000f0000000f0000000f0000000f # hex-encoded 32-byte secret shared with MobileCoin services used to generate auth tokens for Signal users
+  fixerApiKey: unset
+  paymentCurrencies:
+    # list of symbols for supported currencies
+    - MOB
 
 donation:
-  uri: # value
-  apiKey: # value
+  uri: donation.example.com # value
   supportedCurrencies:
     - # 1st supported currency
     - # 2nd supported currency
     - # ...
     - # Nth supported currency
-  circuitBreaker:
-    failureRateThreshold: # value
-    ringBufferSizeInHalfOpenState: # value
-    ringBufferSizeInClosedState: # value
-    waitDurationInOpenStateInSeconds: # value
-  retry:
-    maxAttempts: # value
-    waitDuration: # value
+
+badges:
+  badges:
+    - id: TEST
+      category: other
+      sprites: # exactly 6
+        - sprite-1.png
+        - sprite-2.png
+        - sprite-3.png
+        - sprite-4.png
+        - sprite-5.png
+        - sprite-6.png
+      svg: example.svg
+      svgs:
+        - light: example-light.svg
+          dark: example-dark.svg
+  badgeIdsEnabledForAll:
+    - TEST
+  receiptLevels:
+    '1': TEST
+
+subscription: # configuration for Stripe subscriptions
+  badgeGracePeriod: P15D
+  levels:
+    500:
+      badge: EXAMPLE
+      prices:
+        # list of ISO 4217 currency codes and amounts for the given badge level
+        xts:
+          amount: '10'
+          id: price_example # stripe ID
+
+boost:
+  level: 1
+  expiration: P90D
+  badge: EXAMPLE
+  currencies:
+    # ISO 4217 currency codes and amounts in those currencies
+    xts:
+      - '1'
+      - '2'
+      - '4'
+      - '8'
+      - '20'
+      - '40'

service/pom.xml

@@ -42,7 +42,7 @@
     <dependency>
       <groupId>org.signal</groupId>
       <artifactId>zkgroup-java</artifactId>
-      <version>0.7.0</version>
+      <version>0.9.0</version>
     </dependency>
     <dependency>
       <groupId>org.whispersystems</groupId>
@@ -218,15 +218,14 @@
       <groupId>io.micrometer</groupId>
       <artifactId>micrometer-core</artifactId>
     </dependency>
-    <dependency>
-      <groupId>io.micrometer</groupId>
-      <artifactId>micrometer-registry-wavefront</artifactId>
-    </dependency>
     <dependency>
       <groupId>io.micrometer</groupId>
       <artifactId>micrometer-registry-datadog</artifactId>
     </dependency>
-
+    <dependency>
+      <groupId>org.coursera</groupId>
+      <artifactId>dropwizard-metrics-datadog</artifactId>
+    </dependency>
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-core</artifactId>
@@ -252,14 +251,26 @@
       <artifactId>jackson-jaxrs-json-provider</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>sts</artifactId>
+    </dependency>
     <dependency>
       <groupId>software.amazon.awssdk</groupId>
       <artifactId>s3</artifactId>
     </dependency>
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>sqs</artifactId>
+    </dependency>
     <dependency>
       <groupId>software.amazon.awssdk</groupId>
       <artifactId>dynamodb</artifactId>
     </dependency>
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>appconfig</artifactId>
+    </dependency>
     <dependency>
       <groupId>com.amazonaws</groupId>
       <artifactId>aws-java-sdk-core</artifactId>
@@ -270,11 +281,14 @@
     </dependency>
     <dependency>
       <groupId>com.amazonaws</groupId>
-      <artifactId>aws-java-sdk-sqs</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.amazonaws</groupId>
-      <artifactId>aws-java-sdk-appconfig</artifactId>
+      <artifactId>dynamodb-lock-client</artifactId>
+      <version>1.1.0</version>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-logging</groupId>
+          <artifactId>commons-logging</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -355,9 +369,9 @@
     </dependency>
 
     <dependency>
-      <groupId>com.opentable.components</groupId>
-      <artifactId>otj-pg-embedded</artifactId>
-      <version>0.13.3</version>
+      <groupId>io.zonky.test</groupId>
+      <artifactId>embedded-postgres</artifactId>
+      <version>1.3.1</version>
       <scope>test</scope>
     </dependency>
 
@@ -393,7 +407,6 @@
     <dependency>
       <groupId>org.signal</groupId>
       <artifactId>embedded-redis</artifactId>
-      <version>0.8.1</version>
       <scope>test</scope>
     </dependency>
 
@@ -407,7 +420,7 @@
     <dependency>
       <groupId>com.amazonaws</groupId>
       <artifactId>DynamoDBLocal</artifactId>
-      <version>1.13.6</version>
+      <version>1.16.0</version>
       <scope>test</scope>
       <exclusions>
         <exclusion>
@@ -417,6 +430,16 @@
       </exclusions>
     </dependency>
 
+    <dependency>
+      <groupId>com.google.cloud</groupId>
+      <artifactId>google-cloud-recaptchaenterprise</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>com.stripe</groupId>
+      <artifactId>stripe-java</artifactId>
+    </dependency>
+
     <dependency>
       <groupId>pl.pragmatists</groupId>
       <artifactId>JUnitParams</artifactId>
@@ -425,103 +448,112 @@
     </dependency>
   </dependencies>
 
+  <profiles>
+    <profile>
+      <id>exclude-abusive-message-filter</id>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-shade-plugin</artifactId>
+            <version>3.2.4</version>
+            <configuration>
+              <createDependencyReducedPom>true</createDependencyReducedPom>
+              <filters>
+                <filter>
+                  <artifact>*:*</artifact>
+                  <excludes>
+                    <exclude>META-INF/*.SF</exclude>
+                    <exclude>META-INF/*.DSA</exclude>
+                    <exclude>META-INF/*.RSA</exclude>
+                  </excludes>
+                </filter>
+              </filters>
+            </configuration>
+            <executions>
+              <execution>
+                <phase>package</phase>
+                <goals>
+                  <goal>shade</goal>
+                </goals>
+                <configuration>
+                  <transformers>
+                    <transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
+                    <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
+                      <mainClass>org.whispersystems.textsecuregcm.WhisperServerService</mainClass>
+                    </transformer>
+                  </transformers>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-assembly-plugin</artifactId>
+            <version>3.3.0</version>
+            <configuration>
+              <descriptors>
+                <descriptor>assembly.xml</descriptor>
+              </descriptors>
+            </configuration>
+            <executions>
+              <execution>
+                <id>make-assembly</id> <!-- this is used for inheritance merges -->
+                <phase>package</phase> <!-- bind to the packaging phase -->
+                <goals>
+                  <goal>single</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+
+          <plugin>
+            <groupId>org.codehaus.mojo</groupId>
+            <artifactId>properties-maven-plugin</artifactId>
+            <version>1.0.0</version>
+            <executions>
+              <execution>
+                <id>read-deploy-configuration</id>
+                <phase>deploy</phase>
+                <goals>
+                  <goal>read-project-properties</goal>
+                </goals>
+                <configuration>
+                  <files>${project.basedir}/config/deploy.properties</files>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+
+          <plugin>
+            <groupId>org.signal</groupId>
+            <artifactId>s3-upload-maven-plugin</artifactId>
+            <version>1.6-SNAPSHOT</version>
+            <configuration>
+              <source>${project.build.directory}/${project.build.finalName}-bin.tar.gz</source>
+              <bucketName>${deploy.bucketName}</bucketName>
+              <region>${deploy.bucketRegion}</region>
+              <destination>${project.build.finalName}-bin.tar.gz</destination>
+            </configuration>
+            <executions>
+              <execution>
+                <id>deploy-to-s3</id>
+                <phase>deploy</phase>
+                <goals>
+                  <goal>s3-upload</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
 
   <build>
     <finalName>${project.parent.artifactId}-${project.version}</finalName>
     <plugins>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-shade-plugin</artifactId>
-        <version>3.2.4</version>
-        <configuration>
-          <createDependencyReducedPom>true</createDependencyReducedPom>
-          <filters>
-            <filter>
-              <artifact>*:*</artifact>
-              <excludes>
-                <exclude>META-INF/*.SF</exclude>
-                <exclude>META-INF/*.DSA</exclude>
-                <exclude>META-INF/*.RSA</exclude>
-              </excludes>
-            </filter>
-          </filters>
-        </configuration>
-        <executions>
-          <execution>
-            <phase>package</phase>
-            <goals>
-              <goal>shade</goal>
-            </goals>
-            <configuration>
-              <transformers>
-                <transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
-                <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
-                  <mainClass>org.whispersystems.textsecuregcm.WhisperServerService</mainClass>
-                </transformer>
-              </transformers>
-            </configuration>
-          </execution>
-        </executions>
-      </plugin>
-
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-assembly-plugin</artifactId>
-        <version>3.3.0</version>
-        <configuration>
-          <descriptors>
-            <descriptor>assembly.xml</descriptor>
-          </descriptors>
-        </configuration>
-        <executions>
-          <execution>
-            <id>make-assembly</id> <!-- this is used for inheritance merges -->
-            <phase>package</phase> <!-- bind to the packaging phase -->
-            <goals>
-              <goal>single</goal>
-            </goals>
-          </execution>
-        </executions>
-      </plugin>
-
-      <plugin>
-        <groupId>org.codehaus.mojo</groupId>
-        <artifactId>properties-maven-plugin</artifactId>
-        <version>1.0.0</version>
-        <executions>
-          <execution>
-            <id>read-deploy-configuration</id>
-            <phase>deploy</phase>
-            <goals>
-              <goal>read-project-properties</goal>
-            </goals>
-            <configuration>
-              <files>${project.basedir}/config/deploy.properties</files>
-            </configuration>
-          </execution>
-        </executions>
-      </plugin>
-
-      <plugin>
-        <groupId>com.bazaarvoice.maven.plugins</groupId>
-        <artifactId>s3-upload-maven-plugin</artifactId>
-        <version>1.5</version>
-        <configuration>
-          <source>${project.build.directory}/${project.build.finalName}-bin.tar.gz</source>
-          <bucketName>${deploy.bucketName}</bucketName>
-          <destination>${project.build.finalName}-bin.tar.gz</destination>
-        </configuration>
-        <executions>
-          <execution>
-            <id>deploy-to-s3</id>
-            <phase>deploy</phase>
-            <goals>
-              <goal>s3-upload</goal>
-            </goals>
-          </execution>
-        </executions>
-      </plugin>
-
       <plugin>
         <groupId>org.codehaus.mojo</groupId>
         <artifactId>templating-maven-plugin</artifactId>
@@ -535,6 +567,40 @@
           </execution>
         </executions>
       </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <executions>
+          <execution>
+            <goals>
+              <goal>test-jar</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>exec-maven-plugin</artifactId>
+        <version>3.0.0</version>
+        <executions>
+          <execution>
+            <id>check-all-service-config</id>
+            <phase>verify</phase>
+            <goals>
+              <goal>java</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <mainClass>org.whispersystems.textsecuregcm.CheckServiceConfigurations</mainClass>
+          <classpathScope>test</classpathScope>
+          <arguments>
+            <argument>${project.basedir}/config</argument>
+          </arguments>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 </project>

service/src/main/java/org/signal/i18n/HeaderControlledResourceBundleLookup.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.signal.i18n;
+
+import com.google.common.annotations.VisibleForTesting;
+import java.util.List;
+import java.util.Locale;
+import java.util.Objects;
+import java.util.ResourceBundle;
+import java.util.ResourceBundle.Control;
+import java.util.stream.Collectors;
+import javax.annotation.Nonnull;
+
+public class HeaderControlledResourceBundleLookup {
+
+  private static final int MAX_LOCALES = 15;
+
+  private final ResourceBundleFactory resourceBundleFactory;
+
+  public HeaderControlledResourceBundleLookup() {
+    this(ResourceBundle::getBundle);
+  }
+
+  @VisibleForTesting
+  public HeaderControlledResourceBundleLookup(
+      @Nonnull final ResourceBundleFactory resourceBundleFactory) {
+    this.resourceBundleFactory = Objects.requireNonNull(resourceBundleFactory);
+  }
+
+  @Nonnull
+  private List<Locale> getAcceptableLocales(final List<Locale> acceptableLanguages) {
+    return acceptableLanguages.stream().limit(MAX_LOCALES).distinct().collect(Collectors.toList());
+  }
+
+  @Nonnull
+  public ResourceBundle getResourceBundle(final String baseName, final List<Locale> acceptableLocales) {
+    final List<Locale> deduplicatedLocales = getAcceptableLocales(acceptableLocales);
+    final Locale desiredLocale = deduplicatedLocales.isEmpty() ? Locale.getDefault() : deduplicatedLocales.get(0);
+    // define a control with a fallback order as specified in the header
+    Control control = new Control() {
+      @Override
+      public List<String> getFormats(final String baseName) {
+        Objects.requireNonNull(baseName);
+        return Control.FORMAT_PROPERTIES;
+      }
+
+      @Override
+      public Locale getFallbackLocale(final String baseName, final Locale locale) {
+        Objects.requireNonNull(baseName);
+        if (locale.equals(Locale.getDefault())) {
+          return null;
+        }
+        final int localeIndex = deduplicatedLocales.indexOf(locale);
+        if (localeIndex < 0 || localeIndex >= deduplicatedLocales.size() - 1) {
+          return Locale.getDefault();
+        }
+        // [0, deduplicatedLocales.size() - 2] is now the possible range for localeIndex
+        return deduplicatedLocales.get(localeIndex + 1);
+      }
+    };
+
+    return resourceBundleFactory.createBundle(baseName, desiredLocale, control);
+  }
+}

service/src/main/java/org/signal/i18n/ResourceBundleFactory.java

@@ -0,0 +1,13 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.signal.i18n;
+
+import java.util.Locale;
+import java.util.ResourceBundle;
+
+public interface ResourceBundleFactory {
+  ResourceBundle createBundle(String baseName, Locale locale, ResourceBundle.Control control);
+}

service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm;
@@ -13,35 +13,39 @@ import java.util.List;
 import java.util.Map;
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.configuration.AbusiveMessageFilterConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AccountDatabaseCrawlerConfiguration;
-import org.whispersystems.textsecuregcm.configuration.AccountsDatabaseConfiguration;
-import org.whispersystems.textsecuregcm.configuration.AccountsDynamoDbConfiguration;
 import org.whispersystems.textsecuregcm.configuration.ApnConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AppConfigConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AwsAttachmentsConfiguration;
+import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
+import org.whispersystems.textsecuregcm.configuration.BoostConfiguration;
 import org.whispersystems.textsecuregcm.configuration.CdnConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DatabaseConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DatadogConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DirectoryConfiguration;
+import org.whispersystems.textsecuregcm.configuration.DirectoryV2Configuration;
 import org.whispersystems.textsecuregcm.configuration.DonationConfiguration;
-import org.whispersystems.textsecuregcm.configuration.DynamoDbConfiguration;
+import org.whispersystems.textsecuregcm.configuration.DynamoDbClientConfiguration;
+import org.whispersystems.textsecuregcm.configuration.DynamoDbTables;
 import org.whispersystems.textsecuregcm.configuration.GcmConfiguration;
 import org.whispersystems.textsecuregcm.configuration.GcpAttachmentsConfiguration;
 import org.whispersystems.textsecuregcm.configuration.MaxDeviceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.MessageCacheConfiguration;
-import org.whispersystems.textsecuregcm.configuration.MessageDynamoDbConfiguration;
-import org.whispersystems.textsecuregcm.configuration.WavefrontConfiguration;
 import org.whispersystems.textsecuregcm.configuration.PaymentsServiceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.PushConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RateLimitsConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RecaptchaConfiguration;
+import org.whispersystems.textsecuregcm.configuration.RecaptchaV2Configuration;
 import org.whispersystems.textsecuregcm.configuration.RedisClusterConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RedisConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RemoteConfigConfiguration;
+import org.whispersystems.textsecuregcm.configuration.ReportMessageConfiguration;
 import org.whispersystems.textsecuregcm.configuration.SecureBackupServiceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.SecureStorageServiceConfiguration;
+import org.whispersystems.textsecuregcm.configuration.StripeConfiguration;
+import org.whispersystems.textsecuregcm.configuration.SubscriptionConfiguration;
 import org.whispersystems.textsecuregcm.configuration.TestDeviceConfiguration;
-import org.whispersystems.textsecuregcm.configuration.MonitoredS3ObjectConfiguration;
 import org.whispersystems.textsecuregcm.configuration.TurnConfiguration;
 import org.whispersystems.textsecuregcm.configuration.TwilioConfiguration;
 import org.whispersystems.textsecuregcm.configuration.UnidentifiedDeliveryConfiguration;
@@ -52,6 +56,21 @@ import org.whispersystems.websocket.configuration.WebSocketConfiguration;
 /** @noinspection MismatchedQueryAndUpdateOfCollection, WeakerAccess */
 public class WhisperServerConfiguration extends Configuration {
 
+  @NotNull
+  @Valid
+  @JsonProperty
+  private StripeConfiguration stripe;
+
+  @NotNull
+  @Valid
+  @JsonProperty
+  private DynamoDbClientConfiguration dynamoDbClientConfiguration;
+
+  @NotNull
+  @Valid
+  @JsonProperty
+  private DynamoDbTables dynamoDbTables;
+
   @NotNull
   @Valid
   @JsonProperty
@@ -77,11 +96,6 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private CdnConfiguration cdn;
 
-  @NotNull
-  @Valid
-  @JsonProperty
-  private WavefrontConfiguration wavefront;
-
   @NotNull
   @Valid
   @JsonProperty
@@ -107,6 +121,11 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private DirectoryConfiguration directory;
 
+  @NotNull
+  @Valid
+  @JsonProperty
+  private DirectoryV2Configuration directoryV2;
+
   @NotNull
   @Valid
   @JsonProperty
@@ -132,41 +151,6 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private RedisClusterConfiguration clientPresenceCluster;
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private MessageDynamoDbConfiguration messageDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DynamoDbConfiguration keysDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private AccountsDynamoDbConfiguration accountsDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DynamoDbConfiguration migrationDeletedAccountsDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DynamoDbConfiguration migrationRetryAccountsDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DynamoDbConfiguration pushChallengeDynamoDb;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DynamoDbConfiguration reportMessageDynamoDb;
-
   @Valid
   @NotNull
   @JsonProperty
@@ -182,11 +166,6 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private List<MaxDeviceConfiguration> maxDevices = new LinkedList<>();
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private AccountsDatabaseConfiguration accountsDatabase;
-
   @Valid
   @NotNull
   @JsonProperty
@@ -232,6 +211,11 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private RecaptchaConfiguration recaptcha;
 
+  @Valid
+  @NotNull
+  @JsonProperty
+  private RecaptchaV2Configuration recaptchaV2;
+
   @Valid
   @NotNull
   @JsonProperty
@@ -262,27 +246,57 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private AppConfigConfiguration appConfig;
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private MonitoredS3ObjectConfiguration torExitNodeList;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private MonitoredS3ObjectConfiguration asnTable;
-
   @Valid
   @NotNull
   @JsonProperty
   private DonationConfiguration donation;
 
+  @Valid
+  @NotNull
+  @JsonProperty
+  private BadgesConfiguration badges;
+
+  @Valid
+  @JsonProperty
+  @NotNull
+  private SubscriptionConfiguration subscription;
+
+  @Valid
+  @JsonProperty
+  @NotNull
+  private BoostConfiguration boost;
+
+  @Valid
+  @NotNull
+  @JsonProperty
+  private ReportMessageConfiguration reportMessage = new ReportMessageConfiguration();
+
+  @Valid
+  @JsonProperty
+  private AbusiveMessageFilterConfiguration abusiveMessageFilter;
+
   private Map<String, String> transparentDataIndex = new HashMap<>();
 
+  public StripeConfiguration getStripe() {
+    return stripe;
+  }
+
+  public DynamoDbClientConfiguration getDynamoDbClientConfiguration() {
+    return dynamoDbClientConfiguration;
+  }
+
+  public DynamoDbTables getDynamoDbTables() {
+    return dynamoDbTables;
+  }
+
   public RecaptchaConfiguration getRecaptchaConfiguration() {
     return recaptcha;
   }
 
+  public RecaptchaV2Configuration getRecaptchaV2Configuration() {
+    return recaptchaV2;
+  }
+
   public VoiceVerificationConfiguration getVoiceVerificationConfiguration() {
     return voiceVerification;
   }
@@ -327,6 +341,10 @@ public class WhisperServerConfiguration extends Configuration {
     return directory;
   }
 
+  public DirectoryV2Configuration getDirectoryV2Configuration() {
+    return directoryV2;
+  }
+
   public SecureStorageServiceConfiguration getSecureStorageServiceConfiguration() {
     return storageService;
   }
@@ -351,34 +369,10 @@ public class WhisperServerConfiguration extends Configuration {
     return rateLimitersCluster;
   }
 
-  public MessageDynamoDbConfiguration getMessageDynamoDbConfiguration() {
-    return messageDynamoDb;
-  }
-
-  public DynamoDbConfiguration getKeysDynamoDbConfiguration() {
-    return keysDynamoDb;
-  }
-
-  public AccountsDynamoDbConfiguration getAccountsDynamoDbConfiguration() {
-    return accountsDynamoDb;
-  }
-
-  public DynamoDbConfiguration getMigrationDeletedAccountsDynamoDbConfiguration() {
-    return migrationDeletedAccountsDynamoDb;
-  }
-
-  public DynamoDbConfiguration getMigrationRetryAccountsDynamoDbConfiguration() {
-    return migrationRetryAccountsDynamoDb;
-  }
-
   public DatabaseConfiguration getAbuseDatabaseConfiguration() {
     return abuseDatabase;
   }
 
-  public AccountsDatabaseConfiguration getAccountsDatabaseConfiguration() {
-    return accountsDatabase;
-  }
-
   public RateLimitsConfiguration getLimitsConfiguration() {
     return limits;
   }
@@ -399,10 +393,6 @@ public class WhisperServerConfiguration extends Configuration {
     return cdn;
   }
 
-  public WavefrontConfiguration getWavefrontConfiguration() {
-    return wavefront;
-  }
-
   public DatadogConfiguration getDatadogConfiguration() {
     return datadog;
   }
@@ -457,23 +447,27 @@ public class WhisperServerConfiguration extends Configuration {
     return appConfig;
   }
 
-  public DynamoDbConfiguration getPushChallengeDynamoDbConfiguration() {
-    return pushChallengeDynamoDb;
-  }
-
-  public DynamoDbConfiguration getReportMessageDynamoDbConfiguration() {
-    return reportMessageDynamoDb;
-  }
-
-  public MonitoredS3ObjectConfiguration getTorExitNodeListConfiguration() {
-    return torExitNodeList;
-  }
-
-  public MonitoredS3ObjectConfiguration getAsnTableConfiguration() {
-    return asnTable;
-  }
-
   public DonationConfiguration getDonationConfiguration() {
     return donation;
   }
+
+  public BadgesConfiguration getBadges() {
+    return badges;
+  }
+
+  public SubscriptionConfiguration getSubscription() {
+    return subscription;
+  }
+
+  public BoostConfiguration getBoost() {
+    return boost;
+  }
+
+  public ReportMessageConfiguration getReportMessageConfiguration() {
+    return reportMessage;
+  }
+
+  public AbusiveMessageFilterConfiguration getAbusiveMessageFilterConfiguration() {
+    return abusiveMessageFilter;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/abuse/AbusiveMessageFilter.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.abuse;
+
+import io.dropwizard.lifecycle.Managed;
+import javax.ws.rs.container.ContainerRequestFilter;
+import java.io.IOException;
+
+/**
+ * An abusive message filter is a {@link ContainerRequestFilter} that filters requests to message-sending endpoints to
+ * detect and respond to patterns of abusive behavior.
+ * <p/>
+ * Abusive message filters are managed components that are generally loaded dynamically via a
+ * {@link java.util.ServiceLoader}. Their {@link #configure(String)} method will be called prior to be adding to the
+ * server's pool of {@link Managed} objects.
+ * <p/>
+ * Abusive message filters must be annotated with {@link FilterAbusiveMessages}, a name binding annotation that
+ * restricts the endpoints to which the filter may apply.
+ */
+public interface AbusiveMessageFilter extends ContainerRequestFilter, Managed {
+
+  /**
+   * Configures this abusive message filter. This method will be called before the filter is added to the server's pool
+   * of managed objects and before the server processes any requests.
+   *
+   * @param environmentName the name of the environment in which this filter is running (e.g. "staging" or "production")
+   * @throws IOException if the filter could not read its configuration source for any reason
+   */
+  void configure(String environmentName) throws IOException;
+}

service/src/main/java/org/whispersystems/textsecuregcm/abuse/FilterAbusiveMessages.java

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.abuse;
+
+import javax.ws.rs.NameBinding;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * A name-binding annotation that associates {@link AbusiveMessageFilter}s with resource methods.
+ */
+@NameBinding
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+public @interface FilterAbusiveMessages {
+}

service/src/main/java/org/whispersystems/textsecuregcm/abuse/RateLimitChallengeListener.java

@@ -0,0 +1,24 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.abuse;
+
+
+import org.whispersystems.textsecuregcm.storage.Account;
+import java.io.IOException;
+
+public interface RateLimitChallengeListener {
+
+  void handleRateLimitChallengeAnswered(Account account);
+
+  /**
+   * Configures this rate limit challenge listener. This method will be called before the service begins processing any
+   * challenges.
+   *
+   * @param environmentName the name of the environment in which this listener is running (e.g. "staging" or "production")
+   * @throws IOException if the listener could not read its configuration source for any reason
+   */
+  void configure(String environmentName) throws IOException;
+}

service/src/main/java/org/whispersystems/textsecuregcm/abuse/RateLimitChallengeType.java

@@ -0,0 +1,12 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.abuse;
+
+public enum RateLimitChallengeType {
+
+  PUSH_CHALLENGE,
+  RECAPTCHA
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AccountAndAuthenticatedDeviceHolder.java

@@ -0,0 +1,16 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.Device;
+
+public interface AccountAndAuthenticatedDeviceHolder {
+
+  Account getAccount();
+
+  Device getAuthenticatedDevice();
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AccountAuthenticator.java

@@ -1,39 +1,38 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm.auth;
 
-import io.micrometer.core.instrument.Metrics;
-import org.whispersystems.textsecuregcm.storage.Account;
-import org.whispersystems.textsecuregcm.storage.AccountsManager;
-
-import java.util.Optional;
-
 import io.dropwizard.auth.Authenticator;
 import io.dropwizard.auth.basic.BasicCredentials;
+import java.util.Optional;
+import io.micrometer.core.instrument.Metrics;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
 
 import static com.codahale.metrics.MetricRegistry.name;
 
-public class AccountAuthenticator extends BaseAccountAuthenticator implements Authenticator<BasicCredentials, Account> {
+public class AccountAuthenticator extends BaseAccountAuthenticator implements
+    Authenticator<BasicCredentials, AuthenticatedAccount> {
 
-  private static final String AUTHENTICATION_COUNTER_NAME     = name(AccountAuthenticator.class, "authenticate");
-  private static final String GV2_CAPABLE_TAG_NAME            = "gv1Migration";
+  private static final String AUTHENTICATION_COUNTER_NAME = name(AccountAuthenticator.class, "authenticate");
 
   public AccountAuthenticator(AccountsManager accountsManager) {
     super(accountsManager);
   }
 
   @Override
-  public Optional<Account> authenticate(BasicCredentials basicCredentials) {
-    final Optional<Account> maybeAccount = super.authenticate(basicCredentials, true);
+  public Optional<AuthenticatedAccount> authenticate(BasicCredentials basicCredentials) {
+    final Optional<AuthenticatedAccount> maybeAuthenticatedAccount = super.authenticate(basicCredentials, true);
 
-    // TODO Remove this temporary counter when we can replace it with more generic feature adoption system
-    maybeAccount.ifPresent(account -> {
-      Metrics.counter(AUTHENTICATION_COUNTER_NAME, GV2_CAPABLE_TAG_NAME, String.valueOf(account.isGv1MigrationSupported())).increment();
-    });
+    // TODO Remove after announcement groups have launched
+    maybeAuthenticatedAccount.ifPresent(authenticatedAccount ->
+        Metrics.counter(AUTHENTICATION_COUNTER_NAME,
+            "supportsAnnouncementGroups",
+            String.valueOf(authenticatedAccount.getAccount().isAnnouncementGroupSupported()))
+            .increment());
 
-    return maybeAccount;
+    return maybeAuthenticatedAccount;
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/AmbiguousIdentifier.java

@@ -1,45 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.auth;
-
-import java.util.UUID;
-
-public class AmbiguousIdentifier {
-
-  private final UUID   uuid;
-  private final String number;
-
-  public AmbiguousIdentifier(String target) {
-    if (target.startsWith("+")) {
-      this.uuid   = null;
-      this.number = target;
-    } else {
-      this.uuid   = UUID.fromString(target);
-      this.number = null;
-    }
-  }
-
-  public UUID getUuid() {
-    return uuid;
-  }
-
-  public String getNumber() {
-    return number;
-  }
-
-  public boolean hasUuid() {
-    return uuid != null;
-  }
-
-  public boolean hasNumber() {
-    return number != null;
-  }
-
-  @Override
-  public String toString() {
-    return hasUuid() ? uuid.toString() : number;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthEnablementRefreshRequirementProvider.java

@@ -0,0 +1,100 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import com.google.common.annotations.VisibleForTesting;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import org.glassfish.jersey.server.ContainerRequest;
+import org.glassfish.jersey.server.monitoring.RequestEvent;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
+import org.whispersystems.textsecuregcm.storage.Device;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+/**
+ * This {@link WebsocketRefreshRequirementProvider} observes intra-request changes in {@link Account#isEnabled()} and
+ * {@link Device#isEnabled()}.
+ * <p>
+ * If a change in {@link Account#isEnabled()} or any associated {@link Device#isEnabled()} is observed, then any active
+ * WebSocket connections for the account must be closed in order for clients to get a refreshed
+ * {@link io.dropwizard.auth.Auth} object with a current device list.
+ *
+ * @see AuthenticatedAccount
+ * @see DisabledPermittedAuthenticatedAccount
+ */
+public class AuthEnablementRefreshRequirementProvider implements WebsocketRefreshRequirementProvider {
+
+  private final AccountsManager accountsManager;
+
+  private static final Logger logger = LoggerFactory.getLogger(AuthEnablementRefreshRequirementProvider.class);
+
+  private static final String ACCOUNT_UUID = AuthEnablementRefreshRequirementProvider.class.getName() + ".accountUuid";
+  private static final String DEVICES_ENABLED = AuthEnablementRefreshRequirementProvider.class.getName() + ".devicesEnabled";
+
+  public AuthEnablementRefreshRequirementProvider(final AccountsManager accountsManager) {
+    this.accountsManager = accountsManager;
+  }
+
+  @VisibleForTesting
+  static Map<Long, Boolean> buildDevicesEnabledMap(final Account account) {
+    return account.getDevices().stream().collect(Collectors.toMap(Device::getId, Device::isEnabled));
+  }
+
+  @Override
+  public void handleRequestFiltered(final RequestEvent requestEvent) {
+    if (requestEvent.getUriInfo().getMatchedResourceMethod().getInvocable().getHandlingMethod().getAnnotation(ChangesDeviceEnabledState.class) != null) {
+      // The authenticated principal, if any, will be available after filters have run.
+      // Now that the account is known, capture a snapshot of `isEnabled` for the account's devices before carrying out
+      // the request’s business logic.
+      ContainerRequestUtil.getAuthenticatedAccount(requestEvent.getContainerRequest()).ifPresent(account ->
+          setAccount(requestEvent.getContainerRequest(), account));
+    }
+  }
+
+  public static void setAccount(final ContainerRequest containerRequest, final Account account) {
+    containerRequest.setProperty(ACCOUNT_UUID, account.getUuid());
+    containerRequest.setProperty(DEVICES_ENABLED, buildDevicesEnabledMap(account));
+  }
+
+  @Override
+  public List<Pair<UUID, Long>> handleRequestFinished(final RequestEvent requestEvent) {
+    // Now that the request is finished, check whether `isEnabled` changed for any of the devices. If the value did
+    // change or if a devices was added or removed, all devices must disconnect and reauthenticate.
+    if (requestEvent.getContainerRequest().getProperty(DEVICES_ENABLED) != null) {
+
+      @SuppressWarnings("unchecked") final Map<Long, Boolean> initialDevicesEnabled =
+          (Map<Long, Boolean>) requestEvent.getContainerRequest().getProperty(DEVICES_ENABLED);
+
+      return accountsManager.getByAccountIdentifier((UUID) requestEvent.getContainerRequest().getProperty(ACCOUNT_UUID)).map(account -> {
+        final Set<Long> deviceIdsToDisplace;
+        final Map<Long, Boolean> currentDevicesEnabled = buildDevicesEnabledMap(account);
+
+        if (!initialDevicesEnabled.equals(currentDevicesEnabled)) {
+          deviceIdsToDisplace = new HashSet<>(initialDevicesEnabled.keySet());
+          deviceIdsToDisplace.addAll(currentDevicesEnabled.keySet());
+        } else {
+          deviceIdsToDisplace = Collections.emptySet();
+        }
+
+        return deviceIdsToDisplace.stream()
+            .map(deviceId -> new Pair<>(account.getUuid(), deviceId))
+            .collect(Collectors.toList());
+      }).orElseGet(() -> {
+        logger.error("Request had account, but it is no longer present");
+        return Collections.emptyList();
+      });
+    } else
+      return Collections.emptyList();
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthenticatedAccount.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import java.security.Principal;
+import java.util.function.Supplier;
+import javax.security.auth.Subject;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.Device;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+public class AuthenticatedAccount implements Principal, AccountAndAuthenticatedDeviceHolder {
+
+  private final Supplier<Pair<Account, Device>> accountAndDevice;
+
+  public AuthenticatedAccount(final Supplier<Pair<Account, Device>> accountAndDevice) {
+    this.accountAndDevice = accountAndDevice;
+  }
+
+  @Override
+  public Account getAccount() {
+    return accountAndDevice.get().first();
+  }
+
+  @Override
+  public Device getAuthenticatedDevice() {
+    return accountAndDevice.get().second();
+  }
+
+  // Principal implementation
+
+  @Override
+  public String getName() {
+    return null;
+  }
+
+  @Override
+  public boolean implies(final Subject subject) {
+    return false;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthorizationHeader.java

@@ -1,81 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.textsecuregcm.auth;
-
-
-import org.whispersystems.textsecuregcm.util.Util;
-
-import java.io.IOException;
-import java.util.Base64;
-
-public class AuthorizationHeader {
-
-  private final AmbiguousIdentifier identifier;
-  private final long                deviceId;
-  private final String              password;
-
-  private AuthorizationHeader(AmbiguousIdentifier identifier, long deviceId, String password) {
-    this.identifier = identifier;
-    this.deviceId   = deviceId;
-    this.password   = password;
-  }
-
-  public static AuthorizationHeader fromUserAndPassword(String user, String password) throws InvalidAuthorizationHeaderException {
-    try {
-      String[] numberAndId = user.split("\\.");
-      return new AuthorizationHeader(new AmbiguousIdentifier(numberAndId[0]),
-                                     numberAndId.length > 1 ? Long.parseLong(numberAndId[1]) : 1,
-                                     password);
-    } catch (NumberFormatException nfe) {
-      throw new InvalidAuthorizationHeaderException(nfe);
-    }
-  }
-
-  public static AuthorizationHeader fromFullHeader(String header) throws InvalidAuthorizationHeaderException {
-    try {
-      if (header == null) {
-        throw new InvalidAuthorizationHeaderException("Null header");
-      }
-
-      String[] headerParts = header.split(" ");
-
-      if (headerParts == null || headerParts.length < 2) {
-        throw new InvalidAuthorizationHeaderException("Invalid authorization header: " + header);
-      }
-
-      if (!"Basic".equals(headerParts[0])) {
-        throw new InvalidAuthorizationHeaderException("Unsupported authorization method: " + headerParts[0]);
-      }
-
-      String concatenatedValues = new String(Base64.getDecoder().decode(headerParts[1]));
-
-      if (Util.isEmpty(concatenatedValues)) {
-        throw new InvalidAuthorizationHeaderException("Bad decoded value: " + concatenatedValues);
-      }
-
-      String[] credentialParts = concatenatedValues.split(":");
-
-      if (credentialParts == null || credentialParts.length < 2) {
-        throw new InvalidAuthorizationHeaderException("Badly formated credentials: " + concatenatedValues);
-      }
-
-      return fromUserAndPassword(credentialParts[0], credentialParts[1]);
-    } catch (IllegalArgumentException e) {
-      throw new InvalidAuthorizationHeaderException(e);
-    }
-  }
-
-  public AmbiguousIdentifier getIdentifier() {
-    return identifier;
-  }
-
-  public long getDeviceId() {
-    return deviceId;
-  }
-
-  public String getPassword() {
-    return password;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/auth/BaseAccountAuthenticator.java

@@ -1,49 +1,39 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
 package org.whispersystems.textsecuregcm.auth;
 
-import com.codahale.metrics.Meter;
-import com.codahale.metrics.MetricRegistry;
-import com.codahale.metrics.SharedMetricRegistries;
+import static com.codahale.metrics.MetricRegistry.name;
+
 import com.google.common.annotations.VisibleForTesting;
 import io.dropwizard.auth.basic.BasicCredentials;
-import io.micrometer.core.instrument.DistributionSummary;
 import io.micrometer.core.instrument.Metrics;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.storage.Account;
-import org.whispersystems.textsecuregcm.storage.AccountsManager;
-import org.whispersystems.textsecuregcm.storage.Device;
-import org.whispersystems.textsecuregcm.util.Constants;
-import org.whispersystems.textsecuregcm.util.Util;
-
+import io.micrometer.core.instrument.Tags;
 import java.time.Clock;
 import java.time.Duration;
 import java.time.temporal.ChronoUnit;
 import java.util.Optional;
-
-import static com.codahale.metrics.MetricRegistry.name;
+import java.util.UUID;
+import org.apache.commons.lang3.StringUtils;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
+import org.whispersystems.textsecuregcm.storage.Device;
+import org.whispersystems.textsecuregcm.storage.RefreshingAccountAndDeviceSupplier;
+import org.whispersystems.textsecuregcm.util.Pair;
+import org.whispersystems.textsecuregcm.util.Util;
 
 public class BaseAccountAuthenticator {
 
-  private final MetricRegistry metricRegistry               = SharedMetricRegistries.getOrCreate(Constants.METRICS_NAME);
-  private final Meter          authenticationFailedMeter    = metricRegistry.meter(name(getClass(), "authentication", "failed"         ));
-  private final Meter          authenticationSucceededMeter = metricRegistry.meter(name(getClass(), "authentication", "succeeded"      ));
-  private final Meter          noSuchAccountMeter           = metricRegistry.meter(name(getClass(), "authentication", "noSuchAccount"  ));
-  private final Meter          noSuchDeviceMeter            = metricRegistry.meter(name(getClass(), "authentication", "noSuchDevice"   ));
-  private final Meter          accountDisabledMeter         = metricRegistry.meter(name(getClass(), "authentication", "accountDisabled"));
-  private final Meter          deviceDisabledMeter          = metricRegistry.meter(name(getClass(), "authentication", "deviceDisabled" ));
-  private final Meter          invalidAuthHeaderMeter       = metricRegistry.meter(name(getClass(), "authentication", "invalidHeader"  ));
-
-  private final String daysSinceLastSeenDistributionName = name(getClass(), "authentication", "daysSinceLastSeen");
+  private static final String AUTHENTICATION_COUNTER_NAME = name(BaseAccountAuthenticator.class, "authentication");
+  private static final String AUTHENTICATION_SUCCEEDED_TAG_NAME = "succeeded";
+  private static final String AUTHENTICATION_FAILURE_REASON_TAG_NAME = "reason";
+  private static final String AUTHENTICATION_ENABLED_REQUIRED_TAG_NAME = "enabledRequired";
 
+  private static final String DAYS_SINCE_LAST_SEEN_DISTRIBUTION_NAME = name(BaseAccountAuthenticator.class, "daysSinceLastSeen");
   private static final String IS_PRIMARY_DEVICE_TAG = "isPrimary";
 
-  private final Logger logger = LoggerFactory.getLogger(BaseAccountAuthenticator.class);
-
   private final AccountsManager accountsManager;
   private final Clock           clock;
 
@@ -57,65 +47,100 @@ public class BaseAccountAuthenticator {
     this.clock           = clock;
   }
 
-  public Optional<Account> authenticate(BasicCredentials basicCredentials, boolean enabledRequired) {
-    try {
-      AuthorizationHeader authorizationHeader = AuthorizationHeader.fromUserAndPassword(basicCredentials.getUsername(), basicCredentials.getPassword());
-      Optional<Account>   account             = accountsManager.get(authorizationHeader.getIdentifier());
+  static Pair<String, Long> getIdentifierAndDeviceId(final String basicUsername) {
+    final String identifier;
+    final long deviceId;
 
-      if (!account.isPresent()) {
-        noSuchAccountMeter.mark();
+    final int deviceIdSeparatorIndex = basicUsername.indexOf('.');
+
+    if (deviceIdSeparatorIndex == -1) {
+      identifier = basicUsername;
+      deviceId = Device.MASTER_ID;
+    } else {
+      identifier = basicUsername.substring(0, deviceIdSeparatorIndex);
+      deviceId = Long.parseLong(basicUsername.substring(deviceIdSeparatorIndex + 1));
+    }
+
+    return new Pair<>(identifier, deviceId);
+  }
+
+  public Optional<AuthenticatedAccount> authenticate(BasicCredentials basicCredentials, boolean enabledRequired) {
+    boolean succeeded = false;
+    String failureReason = null;
+
+    try {
+      final UUID accountUuid;
+      final long deviceId;
+      {
+        final Pair<String, Long> identifierAndDeviceId = getIdentifierAndDeviceId(basicCredentials.getUsername());
+
+        accountUuid = UUID.fromString(identifierAndDeviceId.first());
+        deviceId = identifierAndDeviceId.second();
+      }
+
+      Optional<Account> account = accountsManager.getByAccountIdentifier(accountUuid);
+
+      if (account.isEmpty()) {
+        failureReason = "noSuchAccount";
         return Optional.empty();
       }
 
-      Optional<Device> device = account.get().getDevice(authorizationHeader.getDeviceId());
+      Optional<Device> device = account.get().getDevice(deviceId);
 
-      if (!device.isPresent()) {
-        noSuchDeviceMeter.mark();
+      if (device.isEmpty()) {
+        failureReason = "noSuchDevice";
         return Optional.empty();
       }
 
       if (enabledRequired) {
         if (!device.get().isEnabled()) {
-          deviceDisabledMeter.mark();
+          failureReason = "deviceDisabled";
           return Optional.empty();
         }
 
         if (!account.get().isEnabled()) {
-          accountDisabledMeter.mark();
+          failureReason = "accountDisabled";
           return Optional.empty();
         }
       }
 
       if (device.get().getAuthenticationCredentials().verify(basicCredentials.getPassword())) {
-        authenticationSucceededMeter.mark();
-        account.get().setAuthenticatedDevice(device.get());
-        updateLastSeen(account.get(), device.get());
-        return account;
+        succeeded = true;
+        final Account authenticatedAccount = updateLastSeen(account.get(), device.get());
+        return Optional.of(new AuthenticatedAccount(
+            new RefreshingAccountAndDeviceSupplier(authenticatedAccount, device.get().getId(), accountsManager)));
       }
 
-      authenticationFailedMeter.mark();
       return Optional.empty();
     } catch (IllegalArgumentException | InvalidAuthorizationHeaderException iae) {
-      invalidAuthHeaderMeter.mark();
+      failureReason = "invalidHeader";
       return Optional.empty();
+    } finally {
+      Tags tags = Tags.of(
+          AUTHENTICATION_SUCCEEDED_TAG_NAME, String.valueOf(succeeded),
+          AUTHENTICATION_ENABLED_REQUIRED_TAG_NAME, String.valueOf(enabledRequired));
+
+      if (StringUtils.isNotBlank(failureReason)) {
+        tags = tags.and(AUTHENTICATION_FAILURE_REASON_TAG_NAME, failureReason);
+      }
+
+      Metrics.counter(AUTHENTICATION_COUNTER_NAME, tags).increment();
     }
   }
 
   @VisibleForTesting
-  public void updateLastSeen(Account account, Device device) {
+  public Account updateLastSeen(Account account, Device device) {
     final long lastSeenOffsetSeconds   = Math.abs(account.getUuid().getLeastSignificantBits()) % ChronoUnit.DAYS.getDuration().toSeconds();
     final long todayInMillisWithOffset = Util.todayInMillisGivenOffsetFromNow(clock, Duration.ofSeconds(lastSeenOffsetSeconds).negated());
 
     if (device.getLastSeen() < todayInMillisWithOffset) {
-      DistributionSummary.builder(daysSinceLastSeenDistributionName)
-          .tags(IS_PRIMARY_DEVICE_TAG, String.valueOf(device.isMaster()))
-          .publishPercentileHistogram()
-          .register(Metrics.globalRegistry)
+      Metrics.summary(DAYS_SINCE_LAST_SEEN_DISTRIBUTION_NAME, IS_PRIMARY_DEVICE_TAG, String.valueOf(device.isMaster()))
           .record(Duration.ofMillis(todayInMillisWithOffset - device.getLastSeen()).toDays());
 
-      device.setLastSeen(Util.todayInMillis(clock));
-      accountsManager.update(account);
+      return accountsManager.updateDeviceLastSeen(account, device, Util.todayInMillis(clock));
     }
+
+    return account;
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/BasicAuthorizationHeader.java

@@ -0,0 +1,96 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+package org.whispersystems.textsecuregcm.auth;
+
+import java.util.Base64;
+import java.util.UUID;
+import org.apache.commons.lang3.StringUtils;
+import org.whispersystems.textsecuregcm.storage.Device;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+public class BasicAuthorizationHeader {
+
+  private final String username;
+  private final long deviceId;
+  private final String password;
+
+  private BasicAuthorizationHeader(final String username, final long deviceId, final String password) {
+    this.username = username;
+    this.deviceId = deviceId;
+    this.password = password;
+  }
+
+  public static BasicAuthorizationHeader fromString(final String header) throws InvalidAuthorizationHeaderException {
+    try {
+      if (StringUtils.isBlank(header)) {
+        throw new InvalidAuthorizationHeaderException("Blank header");
+      }
+
+      final int spaceIndex = header.indexOf(' ');
+
+      if (spaceIndex == -1) {
+        throw new InvalidAuthorizationHeaderException("Invalid authorization header: " + header);
+      }
+
+      final String authorizationType = header.substring(0, spaceIndex);
+
+      if (!"Basic".equals(authorizationType)) {
+        throw new InvalidAuthorizationHeaderException("Unsupported authorization method: " + authorizationType);
+      }
+
+      final String credentials;
+
+      try {
+        credentials = new String(Base64.getDecoder().decode(header.substring(spaceIndex + 1)));
+      } catch (final IndexOutOfBoundsException e) {
+        throw new InvalidAuthorizationHeaderException("Missing credentials");
+      }
+
+      if (StringUtils.isEmpty(credentials)) {
+        throw new InvalidAuthorizationHeaderException("Bad decoded value: " + credentials);
+      }
+
+      final int credentialSeparatorIndex = credentials.indexOf(':');
+
+      if (credentialSeparatorIndex == -1) {
+        throw new InvalidAuthorizationHeaderException("Badly-formatted credentials: " + credentials);
+      }
+
+      final String usernameComponent = credentials.substring(0, credentialSeparatorIndex);
+
+      final String username;
+      final long deviceId;
+      {
+        final Pair<String, Long> identifierAndDeviceId =
+            BaseAccountAuthenticator.getIdentifierAndDeviceId(usernameComponent);
+
+        username = identifierAndDeviceId.first();
+        deviceId = identifierAndDeviceId.second();
+      }
+
+      final String password = credentials.substring(credentialSeparatorIndex + 1);
+
+      if (StringUtils.isAnyBlank(username, password)) {
+        throw new InvalidAuthorizationHeaderException("Username or password were blank");
+      }
+
+      return new BasicAuthorizationHeader(username, deviceId, password);
+    } catch (final IllegalArgumentException | IndexOutOfBoundsException e) {
+      throw new InvalidAuthorizationHeaderException(e);
+    }
+  }
+
+  public String getUsername() {
+    return username;
+  }
+
+  public long getDeviceId() {
+    return deviceId;
+  }
+
+  public String getPassword() {
+    return password;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/CertificateGenerator.java

@@ -33,7 +33,7 @@ public class CertificateGenerator {
     this.serverCertificate = ServerCertificate.parseFrom(serverCertificate);
   }
 
-  public byte[] createFor(Account account, Device device, boolean includeE164) throws IOException, InvalidKeyException {
+  public byte[] createFor(Account account, Device device, boolean includeE164) throws InvalidKeyException {
     SenderCertificate.Certificate.Builder builder = SenderCertificate.Certificate.newBuilder()
                                                                                  .setSenderDevice(Math.toIntExact(device.getId()))
                                                                                  .setExpires(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(expiresDays))

service/src/main/java/org/whispersystems/textsecuregcm/auth/ChangesDeviceEnabledState.java

@@ -0,0 +1,20 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Indicates that an endpoint may change the "enabled" state of one or more devices associated with an account, and that
+ * any websockets associated with the account may need to be refreshed after a call to that endpoint.
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface ChangesDeviceEnabledState {
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/ContainerRequestUtil.java

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import org.glassfish.jersey.server.ContainerRequest;
+import org.whispersystems.textsecuregcm.storage.Account;
+import javax.ws.rs.core.SecurityContext;
+import java.util.Optional;
+
+class ContainerRequestUtil {
+
+  static Optional<Account> getAuthenticatedAccount(final ContainerRequest request) {
+    return Optional.ofNullable(request.getSecurityContext())
+        .map(SecurityContext::getUserPrincipal)
+        .map(principal -> principal instanceof AccountAndAuthenticatedDeviceHolder
+            ? ((AccountAndAuthenticatedDeviceHolder) principal).getAccount() : null);
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/DisabledPermittedAccount.java

@@ -1,36 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.auth;
-
-import org.whispersystems.textsecuregcm.storage.Account;
-
-import javax.security.auth.Subject;
-import java.security.Principal;
-
-public class DisabledPermittedAccount implements Principal  {
-
-  private final Account account;
-
-  public DisabledPermittedAccount(Account account) {
-    this.account = account;
-  }
-
-  public Account getAccount() {
-    return account;
-  }
-
-  // Principal implementation
-
-  @Override
-  public String getName() {
-    return null;
-  }
-
-  @Override
-  public boolean implies(Subject subject) {
-    return false;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/auth/DisabledPermittedAccountAuthenticator.java

@@ -1,27 +1,25 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
 package org.whispersystems.textsecuregcm.auth;
 
-import org.whispersystems.textsecuregcm.storage.Account;
-import org.whispersystems.textsecuregcm.storage.AccountsManager;
-
-import java.util.Optional;
-
 import io.dropwizard.auth.Authenticator;
 import io.dropwizard.auth.basic.BasicCredentials;
+import java.util.Optional;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
 
-public class DisabledPermittedAccountAuthenticator extends BaseAccountAuthenticator implements Authenticator<BasicCredentials, DisabledPermittedAccount> {
+public class DisabledPermittedAccountAuthenticator extends BaseAccountAuthenticator implements
+    Authenticator<BasicCredentials, DisabledPermittedAuthenticatedAccount> {
 
   public DisabledPermittedAccountAuthenticator(AccountsManager accountsManager) {
     super(accountsManager);
   }
-  
+
   @Override
-  public Optional<DisabledPermittedAccount> authenticate(BasicCredentials credentials) {
-    Optional<Account> account = super.authenticate(credentials, false);
-    return account.map(DisabledPermittedAccount::new);
+  public Optional<DisabledPermittedAuthenticatedAccount> authenticate(BasicCredentials credentials) {
+    Optional<AuthenticatedAccount> account = super.authenticate(credentials, false);
+    return account.map(DisabledPermittedAuthenticatedAccount::new);
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/DisabledPermittedAuthenticatedAccount.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import java.security.Principal;
+import javax.security.auth.Subject;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.Device;
+
+public class DisabledPermittedAuthenticatedAccount implements Principal, AccountAndAuthenticatedDeviceHolder {
+
+  private final AuthenticatedAccount authenticatedAccount;
+
+  public DisabledPermittedAuthenticatedAccount(final AuthenticatedAccount authenticatedAccount) {
+    this.authenticatedAccount = authenticatedAccount;
+  }
+
+  @Override
+  public Account getAccount() {
+    return authenticatedAccount.getAccount();
+  }
+
+  @Override
+  public Device getAuthenticatedDevice() {
+    return authenticatedAccount.getAuthenticatedDevice();
+  }
+
+  // Principal implementation
+
+  @Override
+  public String getName() {
+    return null;
+  }
+
+  @Override
+  public boolean implies(Subject subject) {
+    return false;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/ExternalServiceCredentialGenerator.java

@@ -1,97 +1,71 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
 package org.whispersystems.textsecuregcm.auth;
 
-import org.apache.commons.codec.DecoderException;
-import org.apache.commons.codec.binary.Hex;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.util.Util;
-
+import com.google.common.annotations.VisibleForTesting;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.time.Clock;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.concurrent.TimeUnit;
+import org.apache.commons.codec.binary.Hex;
+import org.whispersystems.textsecuregcm.util.Util;
 
 public class ExternalServiceCredentialGenerator {
 
-  private final Logger logger = LoggerFactory.getLogger(ExternalServiceCredentialGenerator.class);
-
   private final byte[] key;
   private final byte[] userIdKey;
   private final boolean usernameDerivation;
+  private final boolean prependUsername;
+  private final Clock clock;
 
-  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation) {
-    this.key                = key;
-    this.userIdKey          = userIdKey;
-    this.usernameDerivation = usernameDerivation;
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey) {
+    this(key, userIdKey, true, true);
   }
 
-  public ExternalServiceCredentials generateFor(String number) {
-    Mac    mac                = getMacInstance();
-    String username           = getUserId(number, mac, usernameDerivation);
-    long   currentTimeSeconds = System.currentTimeMillis() / 1000;
-    String prefix             = username + ":"  + currentTimeSeconds;
-    String output             = Hex.encodeHexString(Util.truncate(getHmac(key, prefix.getBytes(), mac), 10));
-    String token              = prefix + ":" + output;
+  public ExternalServiceCredentialGenerator(byte[] key, boolean prependUsername) {
+    this(key, new byte[0], false, prependUsername);
+  }
+
+  @VisibleForTesting
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation) {
+    this(key, userIdKey, usernameDerivation, true);
+  }
+
+  private ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
+      boolean prependUsername) {
+    this(key, userIdKey, usernameDerivation, prependUsername, Clock.systemUTC());
+  }
+
+  @VisibleForTesting
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
+      boolean prependUsername, Clock clock) {
+    this.key = key;
+    this.userIdKey = userIdKey;
+    this.usernameDerivation = usernameDerivation;
+    this.prependUsername = prependUsername;
+    this.clock = clock;
+  }
+
+  public ExternalServiceCredentials generateFor(String identity) {
+    Mac mac = getMacInstance();
+    String username = getUserId(identity, mac, usernameDerivation);
+    long currentTimeSeconds = clock.millis() / 1000;
+    String prefix = username + ":" + currentTimeSeconds;
+    String output = Hex.encodeHexString(Util.truncate(getHmac(key, prefix.getBytes(), mac), 10));
+    String token = (prependUsername ? prefix : currentTimeSeconds) + ":" + output;
 
     return new ExternalServiceCredentials(username, token);
   }
 
-
-  public boolean isValid(String token, String number, long currentTimeMillis) {
-    String[] parts = token.split(":");
-    Mac      mac   = getMacInstance();
-
-    if (parts.length != 3) {
-      return false;
-    }
-
-    if (!getUserId(number, mac, usernameDerivation).equals(parts[0])) {
-      return false;
-    }
-
-    if (!isValidTime(parts[1], currentTimeMillis)) {
-      return false;
-    }
-
-    return isValidSignature(parts[0] + ":" + parts[1], parts[2], mac);
-  }
-
   private String getUserId(String number, Mac mac, boolean usernameDerivation) {
     if (usernameDerivation) return Hex.encodeHexString(Util.truncate(getHmac(userIdKey, number.getBytes(), mac), 10));
     else                    return number;
   }
 
-  private boolean isValidTime(String timeString, long currentTimeMillis) {
-    try {
-      long tokenTime = Long.parseLong(timeString);
-      long ourTime   = TimeUnit.MILLISECONDS.toSeconds(currentTimeMillis);
-
-      return TimeUnit.SECONDS.toHours(Math.abs(ourTime - tokenTime)) < 24;
-    } catch (NumberFormatException e) {
-      logger.warn("Number Format", e);
-      return false;
-    }
-  }
-
-  private boolean isValidSignature(String prefix, String suffix, Mac mac) {
-    try {
-      byte[] ourSuffix   = Util.truncate(getHmac(key, prefix.getBytes(), mac), 10);
-      byte[] theirSuffix = Hex.decodeHex(suffix.toCharArray());
-
-      return MessageDigest.isEqual(ourSuffix, theirSuffix);
-    } catch (DecoderException e) {
-      logger.warn("DirectoryCredentials", e);
-      return false;
-    }
-  }
-
   private Mac getMacInstance() {
     try {
       return Mac.getInstance("HmacSHA256");

service/src/main/java/org/whispersystems/textsecuregcm/auth/InvalidAuthorizationHeaderException.java

@@ -5,12 +5,15 @@
 package org.whispersystems.textsecuregcm.auth;
 
 
-public class InvalidAuthorizationHeaderException extends Exception {
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response.Status;
+
+public class InvalidAuthorizationHeaderException extends WebApplicationException {
   public InvalidAuthorizationHeaderException(String s) {
-    super(s);
+    super(s, Status.UNAUTHORIZED);
   }
 
   public InvalidAuthorizationHeaderException(Exception e) {
-    super(e);
+    super(e, Status.UNAUTHORIZED);
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/OptionalAccess.java

@@ -8,6 +8,8 @@ package org.whispersystems.textsecuregcm.auth;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.Device;
 
+import javax.ws.rs.NotAuthorizedException;
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
 import java.security.MessageDigest;
@@ -36,9 +38,9 @@ public class OptionalAccess {
         }
 
         if (requestAccount.isPresent()) {
-          throw new WebApplicationException(Response.Status.NOT_FOUND);
+          throw new NotFoundException();
         } else {
-          throw new WebApplicationException(Response.Status.UNAUTHORIZED);
+          throw new NotAuthorizedException(Response.Status.UNAUTHORIZED);
         }
       }
     } catch (NumberFormatException e) {
@@ -56,7 +58,7 @@ public class OptionalAccess {
 
     //noinspection ConstantConditions
     if (requestAccount.isPresent() && (targetAccount.isEmpty() || (targetAccount.isPresent() && !targetAccount.get().isEnabled()))) {
-      throw new WebApplicationException(Response.Status.NOT_FOUND);
+      throw new NotFoundException();
     }
 
     if (accessKey.isPresent() && targetAccount.isPresent() && targetAccount.get().isEnabled() && targetAccount.get().isUnrestrictedUnidentifiedAccess()) {
@@ -72,7 +74,7 @@ public class OptionalAccess {
       return;
     }
 
-    throw new WebApplicationException(Response.Status.UNAUTHORIZED);
+    throw new NotAuthorizedException(Response.Status.UNAUTHORIZED);
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/PhoneNumberChangeRefreshRequirementProvider.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import org.glassfish.jersey.server.ContainerRequest;
+import org.glassfish.jersey.server.monitoring.RequestEvent;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+public class PhoneNumberChangeRefreshRequirementProvider implements WebsocketRefreshRequirementProvider {
+
+  private static final String INITIAL_NUMBER_KEY =
+      PhoneNumberChangeRefreshRequirementProvider.class.getName() + ".initialNumber";
+
+  @Override
+  public void handleRequestFiltered(final RequestEvent requestEvent) {
+    ContainerRequestUtil.getAuthenticatedAccount(requestEvent.getContainerRequest())
+        .ifPresent(account -> requestEvent.getContainerRequest().setProperty(INITIAL_NUMBER_KEY, account.getNumber()));
+  }
+
+  @Override
+  public List<Pair<UUID, Long>> handleRequestFinished(final RequestEvent requestEvent) {
+    final String initialNumber = (String) requestEvent.getContainerRequest().getProperty(INITIAL_NUMBER_KEY);
+
+    if (initialNumber != null) {
+      final Optional<Account> maybeAuthenticatedAccount =
+          ContainerRequestUtil.getAuthenticatedAccount(requestEvent.getContainerRequest());
+
+      return maybeAuthenticatedAccount
+          .filter(account -> !initialNumber.equals(account.getNumber()))
+          .map(account -> account.getDevices().stream()
+              .map(device -> new Pair<>(account.getUuid(), device.getId()))
+              .collect(Collectors.toList()))
+          .orElse(Collections.emptyList());
+    } else {
+      return Collections.emptyList();
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredRegistrationLock.java

@@ -9,7 +9,6 @@ import com.google.common.annotations.VisibleForTesting;
 import org.whispersystems.textsecuregcm.util.Util;
 
 import javax.annotation.Nullable;
-import java.security.MessageDigest;
 import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 
@@ -20,42 +19,33 @@ public class StoredRegistrationLock {
 
   private final Optional<String> registrationLockSalt;
 
-  private final Optional<String> deprecatedPin;
-
   private final long             lastSeen;
 
-  public StoredRegistrationLock(Optional<String> registrationLock, Optional<String> registrationLockSalt, Optional<String> deprecatedPin, long lastSeen) {
+  public StoredRegistrationLock(Optional<String> registrationLock, Optional<String> registrationLockSalt, long lastSeen) {
     this.registrationLock     = registrationLock;
     this.registrationLockSalt = registrationLockSalt;
-    this.deprecatedPin        = deprecatedPin;
     this.lastSeen             = lastSeen;
   }
 
   public boolean requiresClientRegistrationLock() {
-    return ((registrationLock.isPresent() && registrationLockSalt.isPresent())  || deprecatedPin.isPresent()) && System.currentTimeMillis() - lastSeen < TimeUnit.DAYS.toMillis(7);
+    return registrationLock.isPresent() && registrationLockSalt.isPresent() && System.currentTimeMillis() - lastSeen < TimeUnit.DAYS.toMillis(7);
   }
 
   public boolean needsFailureCredentials() {
     return registrationLock.isPresent() && registrationLockSalt.isPresent();
   }
 
-  public boolean hasDeprecatedPin() {
-    return deprecatedPin.isPresent();
-  }
-
   public long getTimeRemaining() {
     return TimeUnit.DAYS.toMillis(7) - (System.currentTimeMillis() - lastSeen);
   }
 
-  public boolean verify(@Nullable String clientRegistrationLock, @Nullable String clientDeprecatedPin) {
-    if (Util.isEmpty(clientRegistrationLock) && Util.isEmpty(clientDeprecatedPin)) {
+  public boolean verify(@Nullable String clientRegistrationLock) {
+    if (Util.isEmpty(clientRegistrationLock)) {
       return false;
     }
 
     if (registrationLock.isPresent() && registrationLockSalt.isPresent() && !Util.isEmpty(clientRegistrationLock)) {
       return new AuthenticationCredentials(registrationLock.get(), registrationLockSalt.get()).verify(clientRegistrationLock);
-    } else if (deprecatedPin.isPresent() && !Util.isEmpty(clientDeprecatedPin)) {
-      return MessageDigest.isEqual(deprecatedPin.get().getBytes(), clientDeprecatedPin.getBytes());
     } else {
       return false;
     }
@@ -63,6 +53,6 @@ public class StoredRegistrationLock {
 
   @VisibleForTesting
   public StoredRegistrationLock forTime(long timestamp) {
-    return new StoredRegistrationLock(registrationLock, registrationLockSalt, deprecatedPin, timestamp);
+    return new StoredRegistrationLock(registrationLock, registrationLockSalt, timestamp);
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCode.java

@@ -5,36 +5,38 @@
 
 package org.whispersystems.textsecuregcm.auth;
 
+import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
-
-import org.whispersystems.textsecuregcm.util.Util;
-
 import java.security.MessageDigest;
+import java.time.Duration;
 import java.util.Optional;
-import java.util.concurrent.TimeUnit;
+import javax.annotation.Nullable;
+import org.whispersystems.textsecuregcm.util.Util;
 
 public class StoredVerificationCode {
 
   @JsonProperty
-  private String code;
+  private final String code;
 
   @JsonProperty
-  private long timestamp;
+  private final long timestamp;
 
   @JsonProperty
-  private String pushCode;
+  private final String pushCode;
 
   @JsonProperty
-  private String twilioVerificationSid;
+  @Nullable
+  private final String twilioVerificationSid;
 
-  public StoredVerificationCode() {
-  }
+  public static final Duration EXPIRATION = Duration.ofMinutes(10);
 
-  public StoredVerificationCode(String code, long timestamp, String pushCode) {
-    this(code, timestamp, pushCode, null);
-  }
+  @JsonCreator
+  public StoredVerificationCode(
+      @JsonProperty("code") final String code,
+      @JsonProperty("timestamp") final long timestamp,
+      @JsonProperty("pushCode") final String pushCode,
+      @JsonProperty("twilioVerificationSid") @Nullable final String twilioVerificationSid) {
 
-  public StoredVerificationCode(String code, long timestamp, String pushCode, String twilioVerificationSid) {
     this.code = code;
     this.timestamp = timestamp;
     this.pushCode = pushCode;
@@ -58,10 +60,6 @@ public class StoredVerificationCode {
   }
 
   public boolean isValid(String theirCodeString) {
-    if (timestamp + TimeUnit.MINUTES.toMillis(10) < System.currentTimeMillis()) {
-      return false;
-    }
-
     if (Util.isEmpty(code) || Util.isEmpty(theirCodeString)) {
       return false;
     }

service/src/main/java/org/whispersystems/textsecuregcm/auth/WebsocketRefreshApplicationEventListener.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import org.glassfish.jersey.server.monitoring.ApplicationEvent;
+import org.glassfish.jersey.server.monitoring.ApplicationEventListener;
+import org.glassfish.jersey.server.monitoring.RequestEvent;
+import org.glassfish.jersey.server.monitoring.RequestEventListener;
+import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
+
+/**
+ * Delegates request events to a listener that watches for intra-request changes that require websocket refreshes
+ */
+public class WebsocketRefreshApplicationEventListener implements ApplicationEventListener {
+
+  private final WebsocketRefreshRequestEventListener websocketRefreshRequestEventListener;
+
+  public WebsocketRefreshApplicationEventListener(final AccountsManager accountsManager,
+      final ClientPresenceManager clientPresenceManager) {
+
+    this.websocketRefreshRequestEventListener = new WebsocketRefreshRequestEventListener(clientPresenceManager,
+        new AuthEnablementRefreshRequirementProvider(accountsManager),
+        new PhoneNumberChangeRefreshRequirementProvider());
+  }
+
+  @Override
+  public void onEvent(final ApplicationEvent event) {
+  }
+
+  @Override
+  public RequestEventListener onRequest(final RequestEvent requestEvent) {
+    return websocketRefreshRequestEventListener;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/WebsocketRefreshRequestEventListener.java

@@ -0,0 +1,74 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import static org.whispersystems.textsecuregcm.metrics.MetricsUtil.name;
+
+import io.micrometer.core.instrument.Counter;
+import io.micrometer.core.instrument.Metrics;
+import java.util.Arrays;
+import java.util.concurrent.atomic.AtomicInteger;
+import javax.ws.rs.container.ResourceInfo;
+import javax.ws.rs.core.Context;
+import org.glassfish.jersey.server.monitoring.RequestEvent;
+import org.glassfish.jersey.server.monitoring.RequestEvent.Type;
+import org.glassfish.jersey.server.monitoring.RequestEventListener;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
+
+public class WebsocketRefreshRequestEventListener implements RequestEventListener {
+
+  private final ClientPresenceManager clientPresenceManager;
+  private final WebsocketRefreshRequirementProvider[] providers;
+
+  private static final Counter DISPLACED_ACCOUNTS = Metrics.counter(
+      name(WebsocketRefreshRequestEventListener.class, "displacedAccounts"));
+
+  private static final Counter DISPLACED_DEVICES = Metrics.counter(
+      name(WebsocketRefreshRequestEventListener.class, "displacedDevices"));
+
+  private static final Logger logger = LoggerFactory.getLogger(WebsocketRefreshRequestEventListener.class);
+
+  public WebsocketRefreshRequestEventListener(
+      final ClientPresenceManager clientPresenceManager,
+      final WebsocketRefreshRequirementProvider... providers) {
+
+    this.clientPresenceManager = clientPresenceManager;
+    this.providers = providers;
+  }
+
+  @Context
+  private ResourceInfo resourceInfo;
+
+  @Override
+  public void onEvent(final RequestEvent event) {
+    if (event.getType() == Type.REQUEST_FILTERED) {
+      for (final WebsocketRefreshRequirementProvider provider : providers) {
+        provider.handleRequestFiltered(event);
+      }
+    } else if (event.getType() == Type.FINISHED) {
+      final AtomicInteger displacedDevices = new AtomicInteger(0);
+
+      Arrays.stream(providers)
+          .flatMap(provider -> provider.handleRequestFinished(event).stream())
+          .distinct()
+          .forEach(pair -> {
+            try {
+              displacedDevices.incrementAndGet();
+              clientPresenceManager.disconnectPresence(pair.first(), pair.second());
+            } catch (final Exception e) {
+              logger.error("Could not displace device presence", e);
+            }
+          });
+
+      if (displacedDevices.get() > 0) {
+        DISPLACED_ACCOUNTS.increment();
+        DISPLACED_DEVICES.increment(displacedDevices.get());
+      }
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/WebsocketRefreshRequirementProvider.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.auth;
+
+import java.util.List;
+import java.util.UUID;
+import org.glassfish.jersey.server.ContainerRequest;
+import org.glassfish.jersey.server.monitoring.RequestEvent;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+/**
+ * A websocket refresh requirement provider watches for intra-request changes (e.g. to authentication status) that
+ * require a websocket refresh.
+ */
+public interface WebsocketRefreshRequirementProvider {
+
+  /**
+   * Processes a request after filters have run and the request has been mapped to a destination controller.
+   *
+   * @param requestEvent the request event to observe
+   */
+  void handleRequestFiltered(RequestEvent requestEvent);
+
+  /**
+   * Processes a request after all normal request handling has been completed.
+   *
+   * @param requestEvent the request event to observe
+   * @return a list of pairs of account UUID/device ID pairs identifying websockets that need to be refreshed as a
+   * result of the observed request
+   */
+  List<Pair<UUID, Long>> handleRequestFinished(RequestEvent requestEvent);
+}

service/src/main/java/org/whispersystems/textsecuregcm/badges/BadgeTranslator.java

@@ -0,0 +1,14 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.badges;
+
+import java.util.List;
+import java.util.Locale;
+import org.whispersystems.textsecuregcm.entities.Badge;
+
+public interface BadgeTranslator {
+  Badge translate(List<Locale> acceptableLanguages, String badgeId);
+}

service/src/main/java/org/whispersystems/textsecuregcm/badges/ConfiguredProfileBadgeConverter.java

@@ -0,0 +1,131 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.badges;
+
+import com.google.common.annotations.VisibleForTesting;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.ResourceBundle;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import org.signal.i18n.HeaderControlledResourceBundleLookup;
+import org.whispersystems.textsecuregcm.configuration.BadgeConfiguration;
+import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
+import org.whispersystems.textsecuregcm.entities.Badge;
+import org.whispersystems.textsecuregcm.entities.BadgeSvg;
+import org.whispersystems.textsecuregcm.entities.SelfBadge;
+import org.whispersystems.textsecuregcm.storage.AccountBadge;
+
+public class ConfiguredProfileBadgeConverter implements ProfileBadgeConverter, BadgeTranslator {
+
+  @VisibleForTesting
+  static final String BASE_NAME = "org.signal.badges.Badges";
+
+  private final Clock clock;
+  private final Map<String, BadgeConfiguration> knownBadges;
+  private final List<String> badgeIdsEnabledForAll;
+  private final HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup;
+
+  public ConfiguredProfileBadgeConverter(
+      final Clock clock,
+      final BadgesConfiguration badgesConfiguration,
+      final HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup) {
+    this.clock = clock;
+    this.knownBadges = badgesConfiguration.getBadges().stream()
+        .collect(Collectors.toMap(BadgeConfiguration::getId, Function.identity()));
+    this.badgeIdsEnabledForAll = badgesConfiguration.getBadgeIdsEnabledForAll();
+    this.headerControlledResourceBundleLookup = headerControlledResourceBundleLookup;
+  }
+
+  @Override
+  public Badge translate(final List<Locale> acceptableLanguages, final String badgeId) {
+    final ResourceBundle resourceBundle = headerControlledResourceBundleLookup.getResourceBundle(BASE_NAME,
+        acceptableLanguages);
+    final BadgeConfiguration configuration = knownBadges.get(badgeId);
+    return newBadge(
+        false,
+        configuration.getId(),
+        configuration.getCategory(),
+        resourceBundle.getString(configuration.getId() + "_name"),
+        resourceBundle.getString(configuration.getId() + "_description"),
+        configuration.getSprites(),
+        configuration.getSvg(),
+        configuration.getSvgs(),
+        null,
+        false);
+  }
+
+  @Override
+  public List<Badge> convert(
+      final List<Locale> acceptableLanguages,
+      final List<AccountBadge> accountBadges,
+      final boolean isSelf) {
+    if (accountBadges.isEmpty() && badgeIdsEnabledForAll.isEmpty()) {
+      return List.of();
+    }
+
+    final Instant now = clock.instant();
+    final ResourceBundle resourceBundle = headerControlledResourceBundleLookup.getResourceBundle(BASE_NAME,
+        acceptableLanguages);
+    List<Badge> badges = accountBadges.stream()
+        .filter(accountBadge -> (isSelf || accountBadge.isVisible())
+            && now.isBefore(accountBadge.getExpiration())
+            && knownBadges.containsKey(accountBadge.getId()))
+        .map(accountBadge -> {
+          BadgeConfiguration configuration = knownBadges.get(accountBadge.getId());
+          return newBadge(
+              isSelf,
+              accountBadge.getId(),
+              configuration.getCategory(),
+              resourceBundle.getString(accountBadge.getId() + "_name"),
+              resourceBundle.getString(accountBadge.getId() + "_description"),
+              configuration.getSprites(),
+              configuration.getSvg(),
+              configuration.getSvgs(),
+              accountBadge.getExpiration(),
+              accountBadge.isVisible());
+        })
+        .collect(Collectors.toCollection(ArrayList::new));
+    badges.addAll(badgeIdsEnabledForAll.stream().filter(knownBadges::containsKey).map(id -> {
+      BadgeConfiguration configuration = knownBadges.get(id);
+      return newBadge(
+          isSelf,
+          id,
+          configuration.getCategory(),
+          resourceBundle.getString(id + "_name"),
+          resourceBundle.getString(id + "_description"),
+          configuration.getSprites(),
+          configuration.getSvg(),
+          configuration.getSvgs(),
+          now.plus(Duration.ofDays(1)),
+          true);
+    }).collect(Collectors.toList()));
+    return badges;
+  }
+
+  private Badge newBadge(
+      final boolean isSelf,
+      final String id,
+      final String category,
+      final String name,
+      final String description,
+      final List<String> sprites,
+      final String svg,
+      final List<BadgeSvg> svgs,
+      final Instant expiration,
+      final boolean visible) {
+    if (isSelf) {
+      return new SelfBadge(id, category, name, description, sprites, svg, svgs, expiration, visible);
+    } else {
+      return new Badge(id, category, name, description, sprites, svg, svgs);
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/badges/LevelTranslator.java

@@ -0,0 +1,13 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.badges;
+
+import java.util.List;
+import java.util.Locale;
+
+public interface LevelTranslator {
+  String translate(List<Locale> acceptableLanguages, String badgeId);
+}

service/src/main/java/org/whispersystems/textsecuregcm/badges/ProfileBadgeConverter.java

@@ -0,0 +1,20 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.badges;
+
+import java.util.List;
+import java.util.Locale;
+import org.whispersystems.textsecuregcm.entities.Badge;
+import org.whispersystems.textsecuregcm.storage.AccountBadge;
+
+public interface ProfileBadgeConverter {
+
+  /**
+   * Converts the {@link AccountBadge}s for an account into the objects
+   * that can be returned on a profile fetch.
+   */
+  List<Badge> convert(List<Locale> acceptableLanguages, List<AccountBadge> accountBadges, boolean isSelf);
+}

service/src/main/java/org/whispersystems/textsecuregcm/badges/ResourceBundleLevelTranslator.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.badges;
+
+import java.util.List;
+import java.util.Locale;
+import java.util.Objects;
+import java.util.ResourceBundle;
+import javax.annotation.Nonnull;
+import org.signal.i18n.HeaderControlledResourceBundleLookup;
+
+public class ResourceBundleLevelTranslator implements LevelTranslator {
+
+  private static final String BASE_NAME = "org.signal.subscriptions.Subscriptions";
+
+  private final HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup;
+
+  public ResourceBundleLevelTranslator(
+      @Nonnull final HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup) {
+    this.headerControlledResourceBundleLookup = Objects.requireNonNull(headerControlledResourceBundleLookup);
+  }
+
+  @Override
+  public String translate(final List<Locale> acceptableLanguages, final String badgeId) {
+    final ResourceBundle resourceBundle = headerControlledResourceBundleLookup.getResourceBundle(BASE_NAME,
+        acceptableLanguages);
+    return resourceBundle.getString(badgeId);
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/AbusiveMessageFilterConfiguration.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import javax.validation.constraints.NotBlank;
+
+public class AbusiveMessageFilterConfiguration {
+
+  @JsonProperty
+  @NotBlank
+  private final String environment;
+
+  @JsonCreator
+  public AbusiveMessageFilterConfiguration(@JsonProperty("environment") final String environment) {
+    this.environment = environment;
+  }
+
+  public String getEnvironment() {
+    return environment;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/AccountsDatabaseConfiguration.java

@@ -1,23 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import javax.validation.Valid;
-import javax.validation.constraints.NotNull;
-
-public class AccountsDatabaseConfiguration extends DatabaseConfiguration {
-
-    @JsonProperty
-    @NotNull
-    @Valid
-    private RetryConfiguration keyOperationRetry = new RetryConfiguration();
-
-    public RetryConfiguration getKeyOperationRetryConfiguration() {
-        return keyOperationRetry;
-    }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/AccountsDynamoDbConfiguration.java

@@ -1,13 +0,0 @@
-package org.whispersystems.textsecuregcm.configuration;
-
-import javax.validation.constraints.NotNull;
-
-public class AccountsDynamoDbConfiguration extends DynamoDbConfiguration {
-
-  @NotNull
-  private String phoneNumberTableName;
-
-  public String getPhoneNumberTableName() {
-    return phoneNumberTableName;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/AccountsTableConfiguration.java

@@ -0,0 +1,49 @@
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import org.whispersystems.textsecuregcm.configuration.DynamoDbTables.Table;
+import javax.validation.constraints.NotBlank;
+
+public class AccountsTableConfiguration extends Table {
+
+  private final String phoneNumberTableName;
+  private final String phoneNumberIdentifierTableName;
+  private final String usernamesTableName;
+  private final int scanPageSize;
+
+  @JsonCreator
+  public AccountsTableConfiguration(
+      @JsonProperty("tableName") final String tableName,
+      @JsonProperty("phoneNumberTableName") final String phoneNumberTableName,
+      @JsonProperty("phoneNumberIdentifierTableName") final String phoneNumberIdentifierTableName,
+      @JsonProperty("usernamesTableName") final String usernamesTableName,
+      @JsonProperty("scanPageSize") final int scanPageSize) {
+
+    super(tableName);
+
+    this.phoneNumberTableName = phoneNumberTableName;
+    this.phoneNumberIdentifierTableName = phoneNumberIdentifierTableName;
+    this.usernamesTableName = usernamesTableName;
+    this.scanPageSize = scanPageSize;
+  }
+
+  @NotBlank
+  public String getPhoneNumberTableName() {
+    return phoneNumberTableName;
+  }
+
+  @NotBlank
+  public String getPhoneNumberIdentifierTableName() {
+    return phoneNumberIdentifierTableName;
+  }
+
+  @NotBlank
+  public String getUsernamesTableName() {
+    return usernamesTableName;
+  }
+
+  public int getScanPageSize() {
+    return scanPageSize;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/BadgeConfiguration.java

@@ -0,0 +1,68 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.List;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.entities.BadgeSvg;
+import org.whispersystems.textsecuregcm.util.ExactlySize;
+
+public class BadgeConfiguration {
+  public static final String CATEGORY_TESTING = "testing";
+
+  private final String id;
+  private final String category;
+  private final List<String> sprites;
+  private final String svg;
+  private final List<BadgeSvg> svgs;
+
+  @JsonCreator
+  public BadgeConfiguration(
+      @JsonProperty("id") final String id,
+      @JsonProperty("category") final String category,
+      @JsonProperty("sprites") final List<String> sprites,
+      @JsonProperty("svg") final String svg,
+      @JsonProperty("svgs") final List<BadgeSvg> svgs) {
+    this.id = id;
+    this.category = category;
+    this.sprites = sprites;
+    this.svg = svg;
+    this.svgs = svgs;
+  }
+
+  @NotEmpty
+  public String getId() {
+    return id;
+  }
+
+  @NotEmpty
+  public String getCategory() {
+    return category;
+  }
+
+  @NotNull
+  @ExactlySize(6)
+  public List<String> getSprites() {
+    return sprites;
+  }
+
+  @NotEmpty
+  public String getSvg() {
+    return svg;
+  }
+
+  @NotNull
+  public List<BadgeSvg> getSvgs() {
+    return svgs;
+  }
+
+  public boolean isTestBadge() {
+    return CATEGORY_TESTING.equals(category);
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/BadgesConfiguration.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonSetter;
+import com.fasterxml.jackson.annotation.Nulls;
+import io.dropwizard.validation.ValidationMethod;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+import javax.validation.Valid;
+import javax.validation.constraints.NotNull;
+
+public class BadgesConfiguration {
+  private final List<BadgeConfiguration> badges;
+  private final List<String> badgeIdsEnabledForAll;
+  private final Map<Long, String> receiptLevels;
+
+  @JsonCreator
+  public BadgesConfiguration(
+      @JsonProperty("badges") @JsonSetter(nulls = Nulls.AS_EMPTY) final List<BadgeConfiguration> badges,
+      @JsonProperty("badgeIdsEnabledForAll") @JsonSetter(nulls = Nulls.AS_EMPTY) final List<String> badgeIdsEnabledForAll,
+      @JsonProperty("receiptLevels") @JsonSetter(nulls = Nulls.AS_EMPTY) final Map<Long, String> receiptLevels) {
+    this.badges = Objects.requireNonNull(badges);
+    this.badgeIdsEnabledForAll = Objects.requireNonNull(badgeIdsEnabledForAll);
+    this.receiptLevels = Objects.requireNonNull(receiptLevels);
+  }
+
+  @Valid
+  @NotNull
+  public List<BadgeConfiguration> getBadges() {
+    return badges;
+  }
+
+  @Valid
+  @NotNull
+  public List<String> getBadgeIdsEnabledForAll() {
+    return badgeIdsEnabledForAll;
+  }
+
+  @Valid
+  @NotNull
+  public Map<Long, String> getReceiptLevels() {
+    return receiptLevels;
+  }
+
+  @JsonIgnore
+  @ValidationMethod(message = "contains receipt level mappings that are not configured badges")
+  public boolean isAllReceiptLevelsConfigured() {
+    final Set<String> badgeNames = badges.stream().map(BadgeConfiguration::getId).collect(Collectors.toSet());
+    return badgeNames.containsAll(receiptLevels.values());
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/BoostConfiguration.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.math.BigDecimal;
+import java.time.Duration;
+import java.util.List;
+import java.util.Map;
+import javax.validation.Valid;
+import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.util.ExactlySize;
+
+public class BoostConfiguration {
+
+  private final long level;
+  private final Duration expiration;
+  private final Map<String, List<BigDecimal>> currencies;
+  private final String badge;
+
+  @JsonCreator
+  public BoostConfiguration(
+      @JsonProperty("level") long level,
+      @JsonProperty("expiration") Duration expiration,
+      @JsonProperty("currencies") Map<String, List<BigDecimal>> currencies,
+      @JsonProperty("badge") String badge) {
+    this.level = level;
+    this.expiration = expiration;
+    this.currencies = currencies;
+    this.badge = badge;
+  }
+
+  public long getLevel() {
+    return level;
+  }
+
+  @NotNull
+  public Duration getExpiration() {
+    return expiration;
+  }
+
+  @Valid
+  @NotNull
+  public Map<@NotEmpty String, @Valid @ExactlySize(6) List<@DecimalMin("0.01") @NotNull BigDecimal>> getCurrencies() {
+    return currencies;
+  }
+
+  @NotEmpty
+  public String getBadge() {
+    return badge;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/CircuitBreakerConfiguration.java

@@ -7,15 +7,15 @@ package org.whispersystems.textsecuregcm.configuration;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.google.common.annotations.VisibleForTesting;
-
+import io.github.resilience4j.circuitbreaker.CircuitBreakerConfig;
+import java.time.Duration;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
 import javax.validation.constraints.Max;
 import javax.validation.constraints.Min;
 import javax.validation.constraints.NotNull;
 
-import java.time.Duration;
-
-import io.github.resilience4j.circuitbreaker.CircuitBreakerConfig;
-
 public class CircuitBreakerConfiguration {
 
   @JsonProperty
@@ -39,6 +39,9 @@ public class CircuitBreakerConfiguration {
   @Min(1)
   private long waitDurationInOpenStateInSeconds = 10;
 
+  @JsonProperty
+  private List<String> ignoredExceptions = Collections.emptyList();
+
 
   public int getFailureRateThreshold() {
     return failureRateThreshold;
@@ -56,6 +59,18 @@ public class CircuitBreakerConfiguration {
     return waitDurationInOpenStateInSeconds;
   }
 
+  public List<Class> getIgnoredExceptions() {
+      return ignoredExceptions.stream()
+          .map(name -> {
+             try {
+               return Class.forName(name);
+             } catch (final ClassNotFoundException e) {
+               throw new RuntimeException(e);
+             }
+          })
+          .collect(Collectors.toList());
+  }
+
   @VisibleForTesting
   public void setFailureRateThreshold(int failureRateThreshold) {
     this.failureRateThreshold = failureRateThreshold;
@@ -76,9 +91,15 @@ public class CircuitBreakerConfiguration {
     this.waitDurationInOpenStateInSeconds = seconds;
   }
 
+  @VisibleForTesting
+  public void setIgnoredExceptions(final List<String> ignoredExceptions) {
+    this.ignoredExceptions = ignoredExceptions;
+  }
+
   public CircuitBreakerConfig toCircuitBreakerConfig() {
     return CircuitBreakerConfig.custom()
                         .failureRateThreshold(getFailureRateThreshold())
+                        .ignoreExceptions(getIgnoredExceptions().toArray(new Class[0]))
                         .ringBufferSizeInHalfOpenState(getRingBufferSizeInHalfOpenState())
                         .waitDurationInOpenState(Duration.ofSeconds(getWaitDurationInOpenStateInSeconds()))
                         .ringBufferSizeInClosedState(getRingBufferSizeInClosedState())

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DatadogConfiguration.java

@@ -6,11 +6,13 @@
 package org.whispersystems.textsecuregcm.configuration;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import io.micrometer.datadog.DatadogConfig;
+import javax.validation.constraints.Min;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
 import java.time.Duration;
 
-public class DatadogConfiguration {
+public class DatadogConfiguration implements DatadogConfig {
 
   @JsonProperty
   @NotBlank
@@ -20,11 +22,40 @@ public class DatadogConfiguration {
   @NotNull
   private Duration step = Duration.ofSeconds(10);
 
-  public String getApiKey() {
+  @JsonProperty
+  @NotBlank
+  private String environment;
+
+  @JsonProperty
+  @Min(1)
+  private int batchSize = 5_000;
+
+  @Override
+  public String apiKey() {
     return apiKey;
   }
 
-  public Duration getStep() {
+  @Override
+  public Duration step() {
     return step;
   }
+
+  public String getEnvironment() {
+    return environment;
+  }
+
+  @Override
+  public int batchSize() {
+    return batchSize;
+  }
+
+  @Override
+  public String hostTag() {
+    return "host";
+  }
+
+  @Override
+  public String get(final String key) {
+    return null;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DeletedAccountsTableConfiguration.java

@@ -0,0 +1,25 @@
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import javax.validation.constraints.NotBlank;
+import org.whispersystems.textsecuregcm.configuration.DynamoDbTables.Table;
+
+public class DeletedAccountsTableConfiguration extends Table {
+
+  private final String needsReconciliationIndexName;
+
+  @JsonCreator
+  public DeletedAccountsTableConfiguration(
+      @JsonProperty("tableName") final String tableName,
+      @JsonProperty("needsReconciliationIndexName") final String needsReconciliationIndexName) {
+
+    super(tableName);
+    this.needsReconciliationIndexName = needsReconciliationIndexName;
+  }
+
+  @NotBlank
+  public String getNeedsReconciliationIndexName() {
+    return needsReconciliationIndexName;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DirectoryV2ClientConfiguration.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright 2013-2020 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import org.whispersystems.textsecuregcm.util.ExactlySize;
+
+public class DirectoryV2ClientConfiguration {
+
+  private final byte[] userAuthenticationTokenSharedSecret;
+
+  @JsonCreator
+  public DirectoryV2ClientConfiguration(
+      @JsonProperty("userAuthenticationTokenSharedSecret") final byte[] userAuthenticationTokenSharedSecret) {
+    this.userAuthenticationTokenSharedSecret = userAuthenticationTokenSharedSecret;
+  }
+
+  @ExactlySize({32})
+  public byte[] getUserAuthenticationTokenSharedSecret() {
+    return userAuthenticationTokenSharedSecret;
+  }
+
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DirectoryV2Configuration.java

@@ -0,0 +1,24 @@
+/*
+ * Copyright 2013-2020 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import javax.validation.Valid;
+
+public class DirectoryV2Configuration {
+
+  private final DirectoryV2ClientConfiguration clientConfiguration;
+
+  @JsonCreator
+  public DirectoryV2Configuration(@JsonProperty("client") DirectoryV2ClientConfiguration clientConfiguration) {
+    this.clientConfiguration = clientConfiguration;
+  }
+
+  @Valid
+  public DirectoryV2ClientConfiguration getDirectoryV2ClientConfiguration() {
+    return clientConfiguration;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DonationConfiguration.java

@@ -15,7 +15,6 @@ import javax.validation.constraints.NotNull;
 public class DonationConfiguration {
 
   private String uri;
-  private String apiKey;
   private String description;
   private Set<String> supportedCurrencies;
   private CircuitBreakerConfiguration circuitBreaker = new CircuitBreakerConfiguration();
@@ -32,17 +31,6 @@ public class DonationConfiguration {
     this.uri = uri;
   }
 
-  @JsonProperty
-  @NotEmpty
-  public String getApiKey() {
-    return apiKey;
-  }
-
-  @VisibleForTesting
-  public void setApiKey(final String apiKey) {
-    this.apiKey = apiKey;
-  }
-
   @JsonProperty
   public String getDescription() {
     return description;

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DynamoDbClientConfiguration.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.time.Duration;
+import javax.validation.constraints.NotEmpty;
+
+public class DynamoDbClientConfiguration {
+
+  private final String region;
+  private final Duration clientExecutionTimeout;
+  private final Duration clientRequestTimeout;
+
+  @JsonCreator
+  public DynamoDbClientConfiguration(
+      @JsonProperty("region") final String region,
+      @JsonProperty("clientExcecutionTimeout") final Duration clientExecutionTimeout,
+      @JsonProperty("clientRequestTimeout") final Duration clientRequestTimeout) {
+    this.region = region;
+    this.clientExecutionTimeout = clientExecutionTimeout != null ? clientExecutionTimeout : Duration.ofSeconds(30);
+    this.clientRequestTimeout = clientRequestTimeout != null ? clientRequestTimeout : Duration.ofSeconds(10);
+  }
+
+  @NotEmpty
+  public String getRegion() {
+    return region;
+  }
+
+  public Duration getClientExecutionTimeout() {
+    return clientExecutionTimeout;
+  }
+
+  public Duration getClientRequestTimeout() {
+    return clientRequestTimeout;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DynamoDbConfiguration.java

@@ -1,44 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import javax.validation.Valid;
-import javax.validation.constraints.NotEmpty;
-import java.time.Duration;
-
-public class DynamoDbConfiguration {
-
-    private String   region;
-    private String   tableName;
-    private Duration clientExecutionTimeout = Duration.ofSeconds(30);
-    private Duration clientRequestTimeout   = Duration.ofSeconds(10);
-
-    @Valid
-    @NotEmpty
-    @JsonProperty
-    public String getRegion() {
-        return region;
-    }
-
-    @Valid
-    @NotEmpty
-    @JsonProperty
-    public String getTableName() {
-        return tableName;
-    }
-
-    @JsonProperty
-    public Duration getClientExecutionTimeout() {
-        return clientExecutionTimeout;
-    }
-
-    @JsonProperty
-    public Duration getClientRequestTimeout() {
-        return clientRequestTimeout;
-    }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DynamoDbTables.java

@@ -0,0 +1,197 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.time.Duration;
+import javax.validation.Valid;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+public class DynamoDbTables {
+
+  public static class Table {
+    private final String tableName;
+
+    @JsonCreator
+    public Table(
+        @JsonProperty("tableName") final String tableName) {
+      this.tableName = tableName;
+    }
+
+    @NotEmpty
+    public String getTableName() {
+      return tableName;
+    }
+  }
+
+  public static class TableWithExpiration extends Table {
+    private final Duration expiration;
+
+    @JsonCreator
+    public TableWithExpiration(
+        @JsonProperty("tableName") final String tableName,
+        @JsonProperty("expiration") final Duration expiration) {
+      super(tableName);
+      this.expiration = expiration;
+    }
+
+    @NotNull
+    public Duration getExpiration() {
+      return expiration;
+    }
+  }
+
+  private final AccountsTableConfiguration accounts;
+  private final DeletedAccountsTableConfiguration deletedAccounts;
+  private final Table deletedAccountsLock;
+  private final IssuedReceiptsTableConfiguration issuedReceipts;
+  private final Table keys;
+  private final TableWithExpiration messages;
+  private final Table pendingAccounts;
+  private final Table pendingDevices;
+  private final Table phoneNumberIdentifiers;
+  private final Table profiles;
+  private final Table pushChallenge;
+  private final TableWithExpiration redeemedReceipts;
+  private final Table remoteConfig;
+  private final Table reportMessage;
+  private final Table reservedUsernames;
+  private final Table subscriptions;
+
+  public DynamoDbTables(
+      @JsonProperty("accounts") final AccountsTableConfiguration accounts,
+      @JsonProperty("deletedAccounts") final DeletedAccountsTableConfiguration deletedAccounts,
+      @JsonProperty("deletedAccountsLock") final Table deletedAccountsLock,
+      @JsonProperty("issuedReceipts") final IssuedReceiptsTableConfiguration issuedReceipts,
+      @JsonProperty("keys") final Table keys,
+      @JsonProperty("messages") final TableWithExpiration messages,
+      @JsonProperty("pendingAccounts") final Table pendingAccounts,
+      @JsonProperty("pendingDevices") final Table pendingDevices,
+      @JsonProperty("phoneNumberIdentifiers") final Table phoneNumberIdentifiers,
+      @JsonProperty("profiles") final Table profiles,
+      @JsonProperty("pushChallenge") final Table pushChallenge,
+      @JsonProperty("redeemedReceipts") final TableWithExpiration redeemedReceipts,
+      @JsonProperty("remoteConfig") final Table remoteConfig,
+      @JsonProperty("reportMessage") final Table reportMessage,
+      @JsonProperty("reservedUsernames") final Table reservedUsernames,
+      @JsonProperty("subscriptions") final Table subscriptions) {
+
+    this.accounts = accounts;
+    this.deletedAccounts = deletedAccounts;
+    this.deletedAccountsLock = deletedAccountsLock;
+    this.issuedReceipts = issuedReceipts;
+    this.keys = keys;
+    this.messages = messages;
+    this.pendingAccounts = pendingAccounts;
+    this.pendingDevices = pendingDevices;
+    this.phoneNumberIdentifiers = phoneNumberIdentifiers;
+    this.profiles = profiles;
+    this.pushChallenge = pushChallenge;
+    this.redeemedReceipts = redeemedReceipts;
+    this.remoteConfig = remoteConfig;
+    this.reportMessage = reportMessage;
+    this.reservedUsernames = reservedUsernames;
+    this.subscriptions = subscriptions;
+  }
+
+  @NotNull
+  @Valid
+  public AccountsTableConfiguration getAccounts() {
+    return accounts;
+  }
+
+  @NotNull
+  @Valid
+  public DeletedAccountsTableConfiguration getDeletedAccounts() {
+    return deletedAccounts;
+  }
+
+  @NotNull
+  @Valid
+  public Table getDeletedAccountsLock() {
+    return deletedAccountsLock;
+  }
+
+  @NotNull
+  @Valid
+  public IssuedReceiptsTableConfiguration getIssuedReceipts() {
+    return issuedReceipts;
+  }
+
+  @NotNull
+  @Valid
+  public Table getKeys() {
+    return keys;
+  }
+
+  @NotNull
+  @Valid
+  public TableWithExpiration getMessages() {
+    return messages;
+  }
+
+  @NotNull
+  @Valid
+  public Table getPendingAccounts() {
+    return pendingAccounts;
+  }
+
+  @NotNull
+  @Valid
+  public Table getPendingDevices() {
+    return pendingDevices;
+  }
+
+  @NotNull
+  @Valid
+  public Table getPhoneNumberIdentifiers() {
+    return phoneNumberIdentifiers;
+  }
+
+  @NotNull
+  @Valid
+  public Table getProfiles() {
+    return profiles;
+  }
+
+  @NotNull
+  @Valid
+  public Table getPushChallenge() {
+    return pushChallenge;
+  }
+
+  @NotNull
+  @Valid
+  public TableWithExpiration getRedeemedReceipts() {
+    return redeemedReceipts;
+  }
+
+  @NotNull
+  @Valid
+  public Table getRemoteConfig() {
+    return remoteConfig;
+  }
+
+  @NotNull
+  @Valid
+  public Table getReportMessage() {
+    return reportMessage;
+  }
+
+  @NotNull
+  @Valid
+  public Table getReservedUsernames() {
+    return reservedUsernames;
+  }
+
+  @NotNull
+  @Valid
+  public Table getSubscriptions() {
+    return subscriptions;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/IssuedReceiptsTableConfiguration.java

@@ -0,0 +1,28 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.time.Duration;
+import javax.validation.constraints.NotEmpty;
+
+public class IssuedReceiptsTableConfiguration extends DynamoDbTables.TableWithExpiration {
+
+  private final byte[] generator;
+
+  public IssuedReceiptsTableConfiguration(
+      @JsonProperty("tableName") final String tableName,
+      @JsonProperty("expiration") final Duration expiration,
+      @JsonProperty("generator") final byte[] generator) {
+    super(tableName, expiration);
+    this.generator = generator;
+  }
+
+  @NotEmpty
+  public byte[] getGenerator() {
+    return generator;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/MessageDynamoDbConfiguration.java

@@ -1,20 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import javax.validation.Valid;
-import javax.validation.constraints.NotEmpty;
-import java.time.Duration;
-
-public class MessageDynamoDbConfiguration extends DynamoDbConfiguration {
-
-  private Duration timeToLive = Duration.ofDays(7);
-
-  @Valid
-  public Duration getTimeToLive() {
-    return timeToLive;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/MonitoredS3ObjectConfiguration.java

@@ -1,63 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.google.common.annotations.VisibleForTesting;
-import javax.validation.Valid;
-import javax.validation.constraints.NotBlank;
-import java.time.Duration;
-
-public class MonitoredS3ObjectConfiguration {
-
-  @JsonProperty
-  @NotBlank
-  private String s3Region;
-
-  @JsonProperty
-  @NotBlank
-  private String s3Bucket;
-
-  @JsonProperty
-  @NotBlank
-  private String objectKey;
-
-  @JsonProperty
-  private long maxSize = 16 * 1024 * 1024;
-
-  @JsonProperty
-  private Duration refreshInterval = Duration.ofMinutes(5);
-
-  public String getS3Region() {
-    return s3Region;
-  }
-
-  @VisibleForTesting
-  public void setS3Region(final String s3Region) {
-    this.s3Region = s3Region;
-  }
-
-  public String getS3Bucket() {
-    return s3Bucket;
-  }
-
-  public String getObjectKey() {
-    return objectKey;
-  }
-
-  public long getMaxSize() {
-    return maxSize;
-  }
-
-  @VisibleForTesting
-  public void setMaxSize(final long maxSize) {
-    this.maxSize = maxSize;
-  }
-
-  public Duration getRefreshInterval() {
-    return refreshInterval;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/RateLimitsConfiguration.java

@@ -63,6 +63,9 @@ public class RateLimitsConfiguration {
   @JsonProperty
   private RateLimitConfiguration usernameSet = new RateLimitConfiguration(100, 100 / (24.0 * 60.0));
 
+  @JsonProperty
+  private RateLimitConfiguration checkAccountExistence = new RateLimitConfiguration(1_000, 1_000 / 60.0);
+
   public RateLimitConfiguration getAutoBlock() {
     return autoBlock;
   }
@@ -135,6 +138,10 @@ public class RateLimitsConfiguration {
     return usernameSet;
   }
 
+  public RateLimitConfiguration getCheckAccountExistence() {
+    return checkAccountExistence;
+  }
+
   public static class RateLimitConfiguration {
     @JsonProperty
     private int bucketSize;

service/src/main/java/org/whispersystems/textsecuregcm/configuration/RecaptchaV2Configuration.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import java.math.BigDecimal;
+import javax.validation.constraints.DecimalMax;
+import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+public class RecaptchaV2Configuration {
+
+  private BigDecimal scoreFloor;
+  private String projectPath;
+  private String siteKey;
+  private String credentialConfigurationJson;
+
+  @DecimalMin("0")
+  @DecimalMax("1")
+  @NotNull
+  public BigDecimal getScoreFloor() {
+    return scoreFloor;
+  }
+
+  @NotEmpty
+  public String getProjectPath() {
+    return projectPath;
+  }
+
+  @NotEmpty
+  public String getSiteKey() {
+    return siteKey;
+  }
+
+  @NotEmpty
+  public String getCredentialConfigurationJson() {
+    return credentialConfigurationJson;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/RedisClusterConfiguration.java

@@ -11,41 +11,40 @@ import javax.validation.Valid;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
 import java.time.Duration;
-import java.util.List;
 
 public class RedisClusterConfiguration {
 
-    @JsonProperty
-    @NotEmpty
-    private List<String> urls;
+  @JsonProperty
+  @NotEmpty
+  private String configurationUri;
 
-    @JsonProperty
-    @NotNull
-    private Duration timeout = Duration.ofMillis(3_000);
+  @JsonProperty
+  @NotNull
+  private Duration timeout = Duration.ofMillis(3_000);
 
-    @JsonProperty
-    @NotNull
-    @Valid
-    private CircuitBreakerConfiguration circuitBreaker = new CircuitBreakerConfiguration();
+  @JsonProperty
+  @NotNull
+  @Valid
+  private CircuitBreakerConfiguration circuitBreaker = new CircuitBreakerConfiguration();
 
-    @JsonProperty
-    @NotNull
-    @Valid
-    private RetryConfiguration retry = new RetryConfiguration();
+  @JsonProperty
+  @NotNull
+  @Valid
+  private RetryConfiguration retry = new RetryConfiguration();
 
-    public List<String> getUrls() {
-        return urls;
-    }
+  public String getConfigurationUri() {
+    return configurationUri;
+  }
 
-    public Duration getTimeout() {
-        return timeout;
-    }
+  public Duration getTimeout() {
+    return timeout;
+  }
 
-    public CircuitBreakerConfiguration getCircuitBreakerConfiguration() {
-        return circuitBreaker;
-    }
+  public CircuitBreakerConfiguration getCircuitBreakerConfiguration() {
+    return circuitBreaker;
+  }
 
-    public RetryConfiguration getRetryConfiguration() {
-        return retry;
-    }
+  public RetryConfiguration getRetryConfiguration() {
+    return retry;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/ReportMessageConfiguration.java

@@ -0,0 +1,29 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import javax.validation.constraints.NotNull;
+import java.time.Duration;
+
+public class ReportMessageConfiguration {
+
+  @JsonProperty
+  @NotNull
+  private final Duration reportTtl = Duration.ofDays(7);
+
+  @JsonProperty
+  @NotNull
+  private final Duration counterTtl = Duration.ofDays(1);
+
+  public Duration getReportTtl() {
+    return reportTtl;
+  }
+
+  public Duration getCounterTtl() {
+    return counterTtl;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/StripeConfiguration.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import javax.validation.constraints.NotEmpty;
+
+public class StripeConfiguration {
+
+  private final String apiKey;
+  private final byte[] idempotencyKeyGenerator;
+  private final String boostDescription;
+
+  @JsonCreator
+  public StripeConfiguration(
+      @JsonProperty("apiKey") final String apiKey,
+      @JsonProperty("idempotencyKeyGenerator") final byte[] idempotencyKeyGenerator,
+      @JsonProperty("boostDescription") final String boostDescription) {
+    this.apiKey = apiKey;
+    this.idempotencyKeyGenerator = idempotencyKeyGenerator;
+    this.boostDescription = boostDescription;
+  }
+
+  @NotEmpty
+  public String getApiKey() {
+    return apiKey;
+  }
+
+  @NotEmpty
+  public byte[] getIdempotencyKeyGenerator() {
+    return idempotencyKeyGenerator;
+  }
+
+  @NotEmpty
+  public String getBoostDescription() {
+    return boostDescription;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SubscriptionConfiguration.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import io.dropwizard.validation.ValidationMethod;
+import java.time.Duration;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import javax.validation.Valid;
+import javax.validation.constraints.Min;
+import javax.validation.constraints.NotNull;
+
+public class SubscriptionConfiguration {
+
+  private final Duration badgeGracePeriod;
+  private final Map<Long, SubscriptionLevelConfiguration> levels;
+
+  @JsonCreator
+  public SubscriptionConfiguration(
+      @JsonProperty("badgeGracePeriod") @Valid Duration badgeGracePeriod,
+      @JsonProperty("levels") @Valid Map<@NotNull @Min(1) Long, @NotNull @Valid SubscriptionLevelConfiguration> levels) {
+    this.badgeGracePeriod = badgeGracePeriod;
+    this.levels = levels;
+  }
+
+  public Duration getBadgeGracePeriod() {
+    return badgeGracePeriod;
+  }
+
+  public Map<Long, SubscriptionLevelConfiguration> getLevels() {
+    return levels;
+  }
+
+  @JsonIgnore
+  @ValidationMethod(message = "has a mismatch between the levels supported currencies")
+  public boolean isCurrencyListSameAcrossAllLevels() {
+    Optional<SubscriptionLevelConfiguration> any = levels.values().stream().findAny();
+    if (any.isEmpty()) {
+      return true;
+    }
+
+    Set<String> currencies = any.get().getPrices().keySet();
+    return levels.values().stream().allMatch(level -> currencies.equals(level.getPrices().keySet()));
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SubscriptionLevelConfiguration.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.Map;
+import javax.validation.Valid;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+public class SubscriptionLevelConfiguration {
+
+  private final String badge;
+  private final String product;
+  private final Map<String, SubscriptionPriceConfiguration> prices;
+
+  @JsonCreator
+  public SubscriptionLevelConfiguration(
+      @JsonProperty("badge") @NotEmpty String badge,
+      @JsonProperty("product") @NotEmpty String product,
+      @JsonProperty("prices") @Valid Map<@NotEmpty String, @NotNull @Valid SubscriptionPriceConfiguration> prices) {
+    this.badge = badge;
+    this.product = product;
+    this.prices = prices;
+  }
+
+  public String getBadge() {
+    return badge;
+  }
+
+  public String getProduct() {
+    return product;
+  }
+
+  public Map<String, SubscriptionPriceConfiguration> getPrices() {
+    return prices;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SubscriptionPriceConfiguration.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.math.BigDecimal;
+import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+public class SubscriptionPriceConfiguration {
+
+  private final String id;
+  private final BigDecimal amount;
+
+  @JsonCreator
+  public SubscriptionPriceConfiguration(
+      @JsonProperty("id") @NotEmpty String id,
+      @JsonProperty("amount") @NotNull @DecimalMin("0.01") BigDecimal amount) {
+    this.id = id;
+    this.amount = amount;
+  }
+
+  public String getId() {
+    return id;
+  }
+
+  public BigDecimal getAmount() {
+    return amount;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/URLDeserializationConverter.java

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.databind.util.StdConverter;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+final class URLDeserializationConverter extends StdConverter<String, URL> {
+
+  @Override
+  public URL convert(final String value) {
+    try {
+      return new URL(value);
+    } catch (MalformedURLException e) {
+      throw new IllegalArgumentException(e);
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/URLSerializationConverter.java

@@ -0,0 +1,17 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.databind.util.StdConverter;
+import java.net.URL;
+
+final class URLSerializationConverter extends StdConverter<URL, String> {
+
+  @Override
+  public String convert(final URL value) {
+    return value.toString();
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/WavefrontConfiguration.java

@@ -1,28 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import javax.validation.constraints.Positive;
-
-public class WavefrontConfiguration {
-
-    @JsonProperty
-    private String uri;
-
-    @JsonProperty
-    @Positive
-    private int batchSize = 10_000;
-
-    public String getUri() {
-        return uri;
-    }
-
-    public int getBatchSize() {
-        return batchSize;
-    }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/ZkConfig.java

@@ -26,10 +26,6 @@ public class ZkConfig {
   @NotNull
   private byte[] serverPublic;
 
-  @JsonProperty
-  @NotNull
-  private Boolean enabled;
-
   public byte[] getServerSecret() {
     return serverSecret;
   }
@@ -37,8 +33,4 @@ public class ZkConfig {
   public byte[] getServerPublic() {
     return serverPublic;
   }
-
-  public boolean isEnabled() {
-    return enabled;
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicAccountsDynamoDbMigrationConfiguration.java

@@ -1,62 +0,0 @@
-package org.whispersystems.textsecuregcm.configuration.dynamic;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.google.common.annotations.VisibleForTesting;
-
-public class DynamicAccountsDynamoDbMigrationConfiguration {
-
-  @JsonProperty
-  boolean backgroundMigrationEnabled;
-
-  @JsonProperty
-  int backgroundMigrationExecutorThreads = 1;
-
-  @JsonProperty
-  boolean deleteEnabled;
-
-  @JsonProperty
-  boolean writeEnabled;
-
-  @JsonProperty
-  boolean readEnabled;
-
-  @JsonProperty
-  boolean logMismatches;
-
-  public boolean isBackgroundMigrationEnabled() {
-    return backgroundMigrationEnabled;
-  }
-
-  public int getBackgroundMigrationExecutorThreads() {
-    return backgroundMigrationExecutorThreads;
-  }
-
-  public void setDeleteEnabled(boolean deleteEnabled) {
-    this.deleteEnabled = deleteEnabled;
-  }
-
-  public boolean isDeleteEnabled() {
-    return deleteEnabled;
-  }
-
-  public void setWriteEnabled(boolean writeEnabled) {
-    this.writeEnabled = writeEnabled;
-  }
-
-  public boolean isWriteEnabled() {
-    return writeEnabled;
-  }
-
-  @VisibleForTesting
-  public void setReadEnabled(boolean readEnabled) {
-    this.readEnabled = readEnabled;
-  }
-
-  public boolean isReadEnabled() {
-    return readEnabled;
-  }
-
-  public boolean isLogMismatches() {
-    return logMismatches;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfiguration.java

@@ -45,11 +45,15 @@ public class DynamicConfiguration {
   private DynamicSignupCaptchaConfiguration signupCaptcha = new DynamicSignupCaptchaConfiguration();
 
   @JsonProperty
-  private DynamicAccountsDynamoDbMigrationConfiguration accountsDynamoDbMigration = new DynamicAccountsDynamoDbMigrationConfiguration();
+  @Valid
+  private DynamicRateLimitChallengeConfiguration rateLimitChallenge = new DynamicRateLimitChallengeConfiguration();
+
+  @JsonProperty
+  private DynamicDirectoryReconcilerConfiguration directoryReconciler = new DynamicDirectoryReconcilerConfiguration();
 
   @JsonProperty
   @Valid
-  private DynamicRateLimitChallengeConfiguration rateLimitChallenge = new DynamicRateLimitChallengeConfiguration();
+  private DynamicPushLatencyConfiguration pushLatency = new DynamicPushLatencyConfiguration(Collections.emptyMap());
 
   public Optional<DynamicExperimentEnrollmentConfiguration> getExperimentEnrollmentConfiguration(
       final String experimentName) {
@@ -94,11 +98,16 @@ public class DynamicConfiguration {
     return signupCaptcha;
   }
 
-  public DynamicAccountsDynamoDbMigrationConfiguration getAccountsDynamoDbMigrationConfiguration() {
-    return accountsDynamoDbMigration;
-  }
-
   public DynamicRateLimitChallengeConfiguration getRateLimitChallengeConfiguration() {
     return rateLimitChallenge;
   }
+
+  public DynamicDirectoryReconcilerConfiguration getDirectoryReconcilerConfiguration() {
+    return directoryReconciler;
+  }
+
+  public DynamicPushLatencyConfiguration getPushLatencyConfiguration() {
+    return pushLatency;
+  }
+
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicDirectoryReconcilerConfiguration.java

@@ -0,0 +1,18 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration.dynamic;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+public class DynamicDirectoryReconcilerConfiguration {
+
+  @JsonProperty
+  private boolean enabled = true;
+
+  public boolean isEnabled() {
+    return enabled;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicMessageRateConfiguration.java

@@ -6,66 +6,13 @@
 package org.whispersystems.textsecuregcm.configuration.dynamic;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
-import java.time.Duration;
-import java.util.Collections;
-import java.util.Set;
 
 public class DynamicMessageRateConfiguration {
 
   @JsonProperty
   private boolean enforceUnsealedSenderRateLimit = false;
 
-  @JsonProperty
-  private Set<String> rateLimitedCountryCodes = Collections.emptySet();
-
-  @JsonProperty
-  private Set<String> rateLimitedHosts = Collections.emptySet();
-
-  @JsonProperty
-  private Duration responseDelay = Duration.ofNanos(1_200_000);
-
-  @JsonProperty
-  private Duration responseDelayJitter = Duration.ofNanos(500_000);
-
-  @JsonProperty
-  private Duration receiptDelay = Duration.ofMillis(1_200);
-
-  @JsonProperty
-  private Duration receiptDelayJitter = Duration.ofMillis(800);
-
-  @JsonProperty
-  private double receiptProbability = 0.82;
-
-
   public boolean isEnforceUnsealedSenderRateLimit() {
     return enforceUnsealedSenderRateLimit;
   }
-
-  public Set<String> getRateLimitedCountryCodes() {
-    return rateLimitedCountryCodes;
-  }
-
-  public Set<String> getRateLimitedHosts() {
-    return rateLimitedHosts;
-  }
-
-  public Duration getResponseDelay() {
-    return responseDelay;
-  }
-
-  public Duration getResponseDelayJitter() {
-    return responseDelayJitter;
-  }
-
-  public Duration getReceiptDelay() {
-    return receiptDelay;
-  }
-
-  public Duration getReceiptDelayJitter() {
-    return receiptDelayJitter;
-  }
-
-  public double getReceiptProbability() {
-    return receiptProbability;
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicPaymentsConfiguration.java

@@ -7,14 +7,14 @@ package org.whispersystems.textsecuregcm.configuration.dynamic;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import java.util.Collections;
-import java.util.Set;
+import java.util.List;
 
 public class DynamicPaymentsConfiguration {
 
   @JsonProperty
-  private Set<String> allowedCountryCodes = Collections.emptySet();
+  private List<String> disallowedPrefixes = Collections.emptyList();
 
-  public Set<String> getAllowedCountryCodes() {
-    return allowedCountryCodes;
+  public List<String> getDisallowedPrefixes() {
+    return disallowedPrefixes;
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicPreRegistrationExperimentEnrollmentConfiguration.java

@@ -20,12 +20,16 @@ public class DynamicPreRegistrationExperimentEnrollmentConfiguration {
 
   @JsonProperty
   @Valid
-  private Set<String> excludedCountryCodes = Collections.emptySet();
+  private Set<String> excludedE164s = Collections.emptySet();
 
   @JsonProperty
   @Valid
   private Set<String> includedCountryCodes = Collections.emptySet();
 
+  @JsonProperty
+  @Valid
+  private Set<String> excludedCountryCodes = Collections.emptySet();
+
   @JsonProperty
   @Valid
   @Min(0)
@@ -36,14 +40,18 @@ public class DynamicPreRegistrationExperimentEnrollmentConfiguration {
     return enrolledE164s;
   }
 
-  public Set<String> getExcludedCountryCodes() {
-    return excludedCountryCodes;
+  public Set<String> getExcludedE164s() {
+    return excludedE164s;
   }
 
   public Set<String> getIncludedCountryCodes() {
     return includedCountryCodes;
   }
 
+  public Set<String> getExcludedCountryCodes() {
+    return excludedCountryCodes;
+  }
+
   public int getEnrollmentPercentage() {
     return enrollmentPercentage;
   }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicPushLatencyConfiguration.java

@@ -0,0 +1,27 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration.dynamic;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.vdurmont.semver4j.Semver;
+import org.whispersystems.textsecuregcm.util.ua.ClientPlatform;
+import java.util.Map;
+import java.util.Set;
+
+public class DynamicPushLatencyConfiguration {
+
+  private final Map<ClientPlatform, Set<Semver>> instrumentedVersions;
+
+  @JsonCreator
+  public DynamicPushLatencyConfiguration(@JsonProperty("instrumentedVersions") final Map<ClientPlatform, Set<Semver>> instrumentedVersions) {
+    this.instrumentedVersions = instrumentedVersions;
+  }
+
+  public Map<ClientPlatform, Set<Semver>> getInstrumentedVersions() {
+    return instrumentedVersions;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicRateLimitChallengeConfiguration.java

@@ -11,9 +11,6 @@ import javax.validation.constraints.NotNull;
 
 public class DynamicRateLimitChallengeConfiguration {
 
-  @JsonProperty
-  private boolean preKeyLimitEnforced = false;
-
   @JsonProperty
   boolean unsealedSenderLimitEnforced = false;
 
@@ -30,10 +27,6 @@ public class DynamicRateLimitChallengeConfiguration {
     return Optional.ofNullable(clientSupportedVersions.get(platform));
   }
 
-  public boolean isPreKeyLimitEnforced() {
-    return preKeyLimitEnforced;
-  }
-
   public boolean isUnsealedSenderLimitEnforced() {
     return unsealedSenderLimitEnforced;
   }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicRateLimitsConfiguration.java

@@ -16,9 +16,6 @@ public class DynamicRateLimitsConfiguration {
   @JsonProperty
   private int unsealedSenderPermitIncrement = 50;
 
-  @JsonProperty
-  private RateLimitConfiguration unsealedSenderIp = new RateLimitConfiguration(120, 2.0 / 60);
-
   @JsonProperty
   private RateLimitConfiguration rateLimitReset = new RateLimitConfiguration(2, 2.0 / (60 * 24));
 
@@ -34,13 +31,6 @@ public class DynamicRateLimitsConfiguration {
   @JsonProperty
   private RateLimitConfiguration pushChallengeSuccess = new RateLimitConfiguration(2, 2.0 / (60 * 24));
 
-  @JsonProperty
-  private RateLimitConfiguration dailyPreKeys = new RateLimitConfiguration(50, 50.0 / (24.0 * 60));
-
-  public RateLimitConfiguration getUnsealedSenderIp() {
-    return unsealedSenderIp;
-  }
-
   public CardinalityRateLimitConfiguration getUnsealedSenderNumber() {
     return unsealedSenderNumber;
   }
@@ -72,8 +62,4 @@ public class DynamicRateLimitsConfiguration {
   public int getUnsealedSenderPermitIncrement() {
     return unsealedSenderPermitIncrement;
   }
-
-  public RateLimitConfiguration getDailyPreKeys() {
-    return dailyPreKeys;
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AcceptNumericOnlineFlagRequestFilter.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.controllers;
+
+import java.io.IOException;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.PreMatching;
+
+@PreMatching
+public class AcceptNumericOnlineFlagRequestFilter implements ContainerRequestFilter {
+
+  private final String pathPrefix;
+
+  public AcceptNumericOnlineFlagRequestFilter(final String pathPrefix) {
+    this.pathPrefix = pathPrefix;
+  }
+
+  @Override
+  public void filter(final ContainerRequestContext requestContext) throws IOException {
+    if (requestContext.getUriInfo().getPath().startsWith(pathPrefix)) {
+      if ("1".equals(requestContext.getUriInfo().getQueryParameters().getFirst("online"))) {
+        requestContext.setRequestUri(requestContext.getUriInfo().getRequestUriBuilder()
+            .replaceQueryParam("online", "true")
+            .build());
+      }
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm.controllers;
@@ -15,6 +15,7 @@ import io.dropwizard.auth.Auth;
 import io.micrometer.core.instrument.Metrics;
 import io.micrometer.core.instrument.Tag;
 import java.security.SecureRandom;
+import java.time.Duration;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -25,10 +26,14 @@ import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.TimeUnit;
+import javax.annotation.Nullable;
+import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
+import javax.ws.rs.BadRequestException;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
+import javax.ws.rs.HEAD;
 import javax.ws.rs.HeaderParam;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
@@ -36,25 +41,30 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.auth.AuthenticationCredentials;
-import org.whispersystems.textsecuregcm.auth.AuthorizationHeader;
-import org.whispersystems.textsecuregcm.auth.DisabledPermittedAccount;
+import org.whispersystems.textsecuregcm.auth.BasicAuthorizationHeader;
+import org.whispersystems.textsecuregcm.auth.ChangesDeviceEnabledState;
+import org.whispersystems.textsecuregcm.auth.DisabledPermittedAuthenticatedAccount;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialGenerator;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
-import org.whispersystems.textsecuregcm.auth.InvalidAuthorizationHeaderException;
 import org.whispersystems.textsecuregcm.auth.StoredRegistrationLock;
 import org.whispersystems.textsecuregcm.auth.StoredVerificationCode;
 import org.whispersystems.textsecuregcm.auth.TurnToken;
 import org.whispersystems.textsecuregcm.auth.TurnTokenGenerator;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicSignupCaptchaConfiguration;
 import org.whispersystems.textsecuregcm.entities.AccountAttributes;
 import org.whispersystems.textsecuregcm.entities.AccountCreationResult;
 import org.whispersystems.textsecuregcm.entities.ApnRegistrationId;
-import org.whispersystems.textsecuregcm.entities.DeprecatedPin;
+import org.whispersystems.textsecuregcm.entities.ChangePhoneNumberRequest;
 import org.whispersystems.textsecuregcm.entities.DeviceName;
 import org.whispersystems.textsecuregcm.entities.GcmRegistrationId;
 import org.whispersystems.textsecuregcm.entities.RegistrationLock;
@@ -68,19 +78,20 @@ import org.whispersystems.textsecuregcm.push.GcmMessage;
 import org.whispersystems.textsecuregcm.recaptcha.RecaptchaClient;
 import org.whispersystems.textsecuregcm.sms.SmsSender;
 import org.whispersystems.textsecuregcm.sms.TwilioVerifyExperimentEnrollmentManager;
-import org.whispersystems.textsecuregcm.sqs.DirectoryQueue;
 import org.whispersystems.textsecuregcm.storage.AbusiveHostRule;
 import org.whispersystems.textsecuregcm.storage.AbusiveHostRules;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.AccountsManager;
 import org.whispersystems.textsecuregcm.storage.Device;
 import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
-import org.whispersystems.textsecuregcm.storage.MessagesManager;
-import org.whispersystems.textsecuregcm.storage.PendingAccountsManager;
-import org.whispersystems.textsecuregcm.storage.UsernamesManager;
+import org.whispersystems.textsecuregcm.storage.StoredVerificationCodeManager;
+import org.whispersystems.textsecuregcm.storage.UsernameNotAvailableException;
 import org.whispersystems.textsecuregcm.util.Constants;
 import org.whispersystems.textsecuregcm.util.ForwardedIpUtil;
 import org.whispersystems.textsecuregcm.util.Hex;
+import org.whispersystems.textsecuregcm.util.ImpossiblePhoneNumberException;
+import org.whispersystems.textsecuregcm.util.NonNormalizedPhoneNumberException;
+import org.whispersystems.textsecuregcm.util.Username;
 import org.whispersystems.textsecuregcm.util.Util;
 import org.whispersystems.textsecuregcm.util.VerificationCode;
 
@@ -90,7 +101,6 @@ public class AccountController {
 
   private final Logger         logger                 = LoggerFactory.getLogger(AccountController.class);
   private final MetricRegistry metricRegistry         = SharedMetricRegistries.getOrCreate(Constants.METRICS_NAME);
-  private final Meter          newUserMeter           = metricRegistry.meter(name(AccountController.class, "brand_new_user"     ));
   private final Meter          blockedHostMeter       = metricRegistry.meter(name(AccountController.class, "blocked_host"       ));
   private final Meter          filteredHostMeter      = metricRegistry.meter(name(AccountController.class, "filtered_host"      ));
   private final Meter          rateLimitedHostMeter   = metricRegistry.meter(name(AccountController.class, "rate_limited_host"  ));
@@ -112,33 +122,27 @@ public class AccountController {
 
   private static final String VERIFY_EXPERIMENT_TAG_NAME = "twilioVerify";
 
-  private final PendingAccountsManager             pendingAccounts;
+  private final StoredVerificationCodeManager      pendingAccounts;
   private final AccountsManager                    accounts;
-  private final UsernamesManager                   usernames;
   private final AbusiveHostRules                   abusiveHostRules;
   private final RateLimiters                       rateLimiters;
   private final SmsSender                          smsSender;
-  private final DirectoryQueue                     directoryQueue;
-  private final MessagesManager                    messagesManager;
-  private final DynamicConfigurationManager        dynamicConfigurationManager;
+  private final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager;
   private final TurnTokenGenerator                 turnTokenGenerator;
   private final Map<String, Integer>               testDevices;
-  private final RecaptchaClient                    recaptchaClient;
+  private final RecaptchaClient recaptchaClient;
   private final GCMSender                          gcmSender;
   private final APNSender                          apnSender;
   private final ExternalServiceCredentialGenerator backupServiceCredentialGenerator;
 
   private final TwilioVerifyExperimentEnrollmentManager verifyExperimentEnrollmentManager;
 
-  public AccountController(PendingAccountsManager pendingAccounts,
+  public AccountController(StoredVerificationCodeManager pendingAccounts,
                            AccountsManager accounts,
-                           UsernamesManager usernames,
                            AbusiveHostRules abusiveHostRules,
                            RateLimiters rateLimiters,
                            SmsSender smsSenderFactory,
-                           DirectoryQueue directoryQueue,
-                           MessagesManager messagesManager,
-                           DynamicConfigurationManager dynamicConfigurationManager,
+                           DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager,
                            TurnTokenGenerator turnTokenGenerator,
                            Map<String, Integer> testDevices,
                            RecaptchaClient recaptchaClient,
@@ -149,16 +153,13 @@ public class AccountController {
   {
     this.pendingAccounts                   = pendingAccounts;
     this.accounts                          = accounts;
-    this.usernames                         = usernames;
     this.abusiveHostRules                  = abusiveHostRules;
     this.rateLimiters                      = rateLimiters;
     this.smsSender                         = smsSenderFactory;
-    this.directoryQueue                    = directoryQueue;
-    this.messagesManager                   = messagesManager;
     this.dynamicConfigurationManager       = dynamicConfigurationManager;
     this.testDevices                       = testDevices;
     this.turnTokenGenerator                = turnTokenGenerator;
-    this.recaptchaClient                   = recaptchaClient;
+    this.recaptchaClient = recaptchaClient;
     this.gcmSender                         = gcmSender;
     this.apnSender                         = apnSender;
     this.backupServiceCredentialGenerator  = backupServiceCredentialGenerator;
@@ -168,30 +169,31 @@ public class AccountController {
   @Timed
   @GET
   @Path("/{type}/preauth/{token}/{number}")
+  @Produces(MediaType.APPLICATION_JSON)
   public Response getPreAuth(@PathParam("type")   String pushType,
                              @PathParam("token")  String pushToken,
                              @PathParam("number") String number,
                              @QueryParam("voip")  Optional<Boolean> useVoip)
-  {
+      throws ImpossiblePhoneNumberException, NonNormalizedPhoneNumberException {
+
     if (!"apn".equals(pushType) && !"fcm".equals(pushType)) {
       return Response.status(400).build();
     }
 
-    if (!Util.isValidNumber(number)) {
-      return Response.status(400).build();
-    }
+    Util.requireNormalizedNumber(number);
 
     String                 pushChallenge          = generatePushChallenge();
     StoredVerificationCode storedVerificationCode = new StoredVerificationCode(null,
                                                                                System.currentTimeMillis(),
-                                                                               pushChallenge);
+                                                                               pushChallenge,
+                                                                               null);
 
     pendingAccounts.store(number, storedVerificationCode);
 
     if ("fcm".equals(pushType)) {
-      gcmSender.sendMessage(new GcmMessage(pushToken, number, 0, GcmMessage.Type.CHALLENGE, Optional.of(storedVerificationCode.getPushCode())));
+      gcmSender.sendMessage(new GcmMessage(pushToken, null, 0, GcmMessage.Type.CHALLENGE, Optional.of(storedVerificationCode.getPushCode())));
     } else if ("apn".equals(pushType)) {
-      apnSender.sendMessage(new ApnMessage(pushToken, number, 0, useVoip.orElse(true), ApnMessage.Type.CHALLENGE, Optional.of(storedVerificationCode.getPushCode())));
+      apnSender.sendMessage(new ApnMessage(pushToken, null, 0, useVoip.orElse(true), ApnMessage.Type.CHALLENGE, Optional.of(storedVerificationCode.getPushCode())));
     } else {
       throw new AssertionError();
     }
@@ -202,6 +204,7 @@ public class AccountController {
   @Timed
   @GET
   @Path("/{transport}/code/{number}")
+  @Produces(MediaType.APPLICATION_JSON)
   public Response createAccount(@PathParam("transport")         String transport,
                                 @PathParam("number")            String number,
                                 @HeaderParam("X-Forwarded-For") String forwardedFor,
@@ -210,28 +213,21 @@ public class AccountController {
                                 @QueryParam("client")           Optional<String> client,
                                 @QueryParam("captcha")          Optional<String> captcha,
                                 @QueryParam("challenge")        Optional<String> pushChallenge)
-      throws RateLimitExceededException, RetryLaterException
-  {
-    if (!Util.isValidNumber(number)) {
-      logger.info("Invalid number: " + number);
-      throw new WebApplicationException(Response.status(400).build());
-    }
+      throws RateLimitExceededException, RetryLaterException, ImpossiblePhoneNumberException, NonNormalizedPhoneNumberException {
 
-    if (number.startsWith("+98")) {
-      transport = "voice";
-    }
+    Util.requireNormalizedNumber(number);
 
-    String requester = ForwardedIpUtil.getMostRecentProxy(forwardedFor).orElseThrow();
+    String sourceHost = ForwardedIpUtil.getMostRecentProxy(forwardedFor).orElseThrow();
 
     Optional<StoredVerificationCode> storedChallenge = pendingAccounts.getCodeForNumber(number);
-    CaptchaRequirement               requirement     = requiresCaptcha(number, transport, forwardedFor, requester, captcha, storedChallenge, pushChallenge);
+    CaptchaRequirement               requirement     = requiresCaptcha(number, transport, forwardedFor, sourceHost, captcha, storedChallenge, pushChallenge);
 
     if (requirement.isCaptchaRequired()) {
       captchaRequiredMeter.mark();
 
-      if (requirement.isAutoBlock() && shouldAutoBlock(requester)) {
-        logger.info("Auto-block: " + requester);
-        abusiveHostRules.setBlockedHost(requester, "Auto-Block");
+      if (requirement.isAutoBlock() && shouldAutoBlock(sourceHost)) {
+        logger.info("Auto-block: {}", sourceHost);
+        abusiveHostRules.setBlockedHost(sourceHost, "Auto-Block");
       }
 
       return Response.status(402).build();
@@ -317,6 +313,7 @@ public class AccountController {
       });
     });
 
+    // TODO Remove this meter when external dependencies have been resolved
     metricRegistry.meter(name(AccountController.class, "create", Util.getCountryCode(number))).mark();
 
     {
@@ -338,88 +335,110 @@ public class AccountController {
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/code/{verification_code}")
   public AccountCreationResult verifyAccount(@PathParam("verification_code") String verificationCode,
-                                             @HeaderParam("Authorization")   String authorizationHeader,
-                                             @HeaderParam("X-Signal-Agent")  String signalAgent,
-                                             @HeaderParam("User-Agent")      String userAgent,
-                                             @QueryParam("transfer")         Optional<Boolean> availableForTransfer,
-                                             @Valid                          AccountAttributes accountAttributes)
-      throws RateLimitExceededException
-  {
-    try {
-      AuthorizationHeader header = AuthorizationHeader.fromFullHeader(authorizationHeader);
-      String number              = header.getIdentifier().getNumber();
-      String password            = header.getPassword();
+                                             @HeaderParam("Authorization") BasicAuthorizationHeader authorizationHeader,
+                                             @HeaderParam("X-Signal-Agent") String signalAgent,
+                                             @HeaderParam("User-Agent") String userAgent,
+                                             @QueryParam("transfer") Optional<Boolean> availableForTransfer,
+                                             @Valid AccountAttributes accountAttributes)
+      throws RateLimitExceededException, InterruptedException {
 
-      if (number == null) {
-        throw new WebApplicationException(400);
-      }
+    String number = authorizationHeader.getUsername();
+    String password = authorizationHeader.getPassword();
 
-      rateLimiters.getVerifyLimiter().validate(number);
+    rateLimiters.getVerifyLimiter().validate(number);
 
-      Optional<StoredVerificationCode> storedVerificationCode = pendingAccounts.getCodeForNumber(number);
+    // Note that successful verification depends on being able to find a stored verification code for the given number.
+    // We check that numbers are normalized before we store verification codes, and so don't need to re-assert
+    // normalization here.
+    Optional<StoredVerificationCode> storedVerificationCode = pendingAccounts.getCodeForNumber(number);
 
-      if (storedVerificationCode.isEmpty() || !storedVerificationCode.get().isValid(verificationCode)) {
-        throw new WebApplicationException(Response.status(403).build());
-      }
-
-      storedVerificationCode.flatMap(StoredVerificationCode::getTwilioVerificationSid)
-          .ifPresent(smsSender::reportVerificationSucceeded);
-
-      Optional<Account>                    existingAccount           = accounts.get(number);
-      Optional<StoredRegistrationLock>     existingRegistrationLock  = existingAccount.map(Account::getRegistrationLock);
-      Optional<ExternalServiceCredentials> existingBackupCredentials = existingAccount.map(Account::getUuid)
-                                                                                      .map(uuid -> backupServiceCredentialGenerator.generateFor(uuid.toString()));
-
-      if (existingRegistrationLock.isPresent() && existingRegistrationLock.get().requiresClientRegistrationLock()) {
-        rateLimiters.getVerifyLimiter().clear(number);
-
-        if (!Util.isEmpty(accountAttributes.getRegistrationLock()) || !Util.isEmpty(accountAttributes.getPin())) {
-          rateLimiters.getPinLimiter().validate(number);
-        }
-
-        if (!existingRegistrationLock.get().verify(accountAttributes.getRegistrationLock(), accountAttributes.getPin())) {
-          throw new WebApplicationException(Response.status(423)
-                                                    .entity(new RegistrationLockFailure(existingRegistrationLock.get().getTimeRemaining(),
-                                                                                        existingRegistrationLock.get().needsFailureCredentials() ? existingBackupCredentials.orElseThrow() : null))
-                                                    .build());
-        }
-
-        rateLimiters.getPinLimiter().clear(number);
-      }
-
-      if (availableForTransfer.orElse(false) && existingAccount.map(Account::isTransferSupported).orElse(false)) {
-        throw new WebApplicationException(Response.status(409).build());
-      }
-
-      Account account = createAccount(number, password, signalAgent, accountAttributes);
-
-      {
-        metricRegistry.meter(name(AccountController.class, "verify", Util.getCountryCode(number))).mark();
-
-        final List<Tag> tags = new ArrayList<>();
-        tags.add(Tag.of(COUNTRY_CODE_TAG_NAME, Util.getCountryCode(number)));
-        tags.add(UserAgentTagUtil.getPlatformTag(userAgent));
-        tags.add(Tag.of(VERIFY_EXPERIMENT_TAG_NAME, String.valueOf(storedVerificationCode.get().getTwilioVerificationSid().isPresent())));
-
-        Metrics.counter(ACCOUNT_VERIFY_COUNTER_NAME, tags).increment();
-
-        Metrics.timer(name(AccountController.class, "verifyDuration"), tags)
-            .record(Instant.now().toEpochMilli() - storedVerificationCode.get().getTimestamp(), TimeUnit.MILLISECONDS);
-      }
-
-      return new AccountCreationResult(account.getUuid(), existingAccount.map(Account::isStorageSupported).orElse(false));
-    } catch (InvalidAuthorizationHeaderException e) {
-      logger.info("Bad Authorization Header", e);
-      throw new WebApplicationException(Response.status(401).build());
+    if (storedVerificationCode.isEmpty() || !storedVerificationCode.get().isValid(verificationCode)) {
+      throw new WebApplicationException(Response.status(403).build());
     }
+
+    storedVerificationCode.flatMap(StoredVerificationCode::getTwilioVerificationSid)
+        .ifPresent(smsSender::reportVerificationSucceeded);
+
+      Optional<Account> existingAccount = accounts.getByE164(number);
+
+    if (existingAccount.isPresent()) {
+      verifyRegistrationLock(existingAccount.get(), accountAttributes.getRegistrationLock());
+    }
+
+    if (availableForTransfer.orElse(false) && existingAccount.map(Account::isTransferSupported).orElse(false)) {
+      throw new WebApplicationException(Response.status(409).build());
+    }
+
+    rateLimiters.getVerifyLimiter().clear(number);
+
+    Account account = accounts.create(number, password, signalAgent, accountAttributes,
+        existingAccount.map(Account::getBadges).orElseGet(ArrayList::new));
+
+    {
+      metricRegistry.meter(name(AccountController.class, "verify", Util.getCountryCode(number))).mark();
+
+      final List<Tag> tags = new ArrayList<>();
+      tags.add(Tag.of(COUNTRY_CODE_TAG_NAME, Util.getCountryCode(number)));
+      tags.add(UserAgentTagUtil.getPlatformTag(userAgent));
+      tags.add(Tag.of(VERIFY_EXPERIMENT_TAG_NAME, String.valueOf(storedVerificationCode.get().getTwilioVerificationSid().isPresent())));
+
+      Metrics.counter(ACCOUNT_VERIFY_COUNTER_NAME, tags).increment();
+
+      Metrics.timer(name(AccountController.class, "verifyDuration"), tags)
+          .record(Instant.now().toEpochMilli() - storedVerificationCode.get().getTimestamp(), TimeUnit.MILLISECONDS);
+    }
+
+    return new AccountCreationResult(account.getUuid(),
+        account.getNumber(),
+        account.getPhoneNumberIdentifier(),
+        account.getUsername().orElse(null),
+        existingAccount.map(Account::isStorageSupported).orElse(false));
+  }
+
+  @Timed
+  @PUT
+  @Path("/number")
+  @Produces(MediaType.APPLICATION_JSON)
+  public void changeNumber(@Auth final AuthenticatedAccount authenticatedAccount, @Valid final ChangePhoneNumberRequest request)
+      throws RateLimitExceededException, InterruptedException, ImpossiblePhoneNumberException, NonNormalizedPhoneNumberException {
+
+    if (request.getNumber().equals(authenticatedAccount.getAccount().getNumber())) {
+      // This may be a request that got repeated due to poor network conditions or other client error; take no action,
+      // but report success since the account is in the desired state
+      return;
+    }
+
+    Util.requireNormalizedNumber(request.getNumber());
+
+    rateLimiters.getVerifyLimiter().validate(request.getNumber());
+
+    final Optional<StoredVerificationCode> storedVerificationCode =
+        pendingAccounts.getCodeForNumber(request.getNumber());
+
+    if (storedVerificationCode.isEmpty() || !storedVerificationCode.get().isValid(request.getCode())) {
+      throw new WebApplicationException(Response.status(403).build());
+    }
+
+    storedVerificationCode.flatMap(StoredVerificationCode::getTwilioVerificationSid)
+        .ifPresent(smsSender::reportVerificationSucceeded);
+
+    final Optional<Account> existingAccount = accounts.getByE164(request.getNumber());
+
+    if (existingAccount.isPresent()) {
+      verifyRegistrationLock(existingAccount.get(), request.getRegistrationLock());
+    }
+
+    rateLimiters.getVerifyLimiter().clear(request.getNumber());
+
+    accounts.changeNumber(authenticatedAccount.getAccount(), request.getNumber());
   }
 
   @Timed
   @GET
   @Path("/turn/")
   @Produces(MediaType.APPLICATION_JSON)
-  public TurnToken getTurnToken(@Auth Account account) throws RateLimitExceededException {
-    rateLimiters.getTurnLimiter().validate(account.getNumber());
+  public TurnToken getTurnToken(@Auth AuthenticatedAccount auth) throws RateLimitExceededException {
+    rateLimiters.getTurnLimiter().validate(auth.getAccount().getUuid());
     return turnTokenGenerator.generate();
   }
 
@@ -427,221 +446,249 @@ public class AccountController {
   @PUT
   @Path("/gcm/")
   @Consumes(MediaType.APPLICATION_JSON)
-  public void setGcmRegistrationId(@Auth DisabledPermittedAccount disabledPermittedAccount, @Valid GcmRegistrationId registrationId) {
-    Account account           = disabledPermittedAccount.getAccount();
-    Device  device            = account.getAuthenticatedDevice().get();
-    boolean wasAccountEnabled = account.isEnabled();
+  @ChangesDeviceEnabledState
+  public void setGcmRegistrationId(@Auth DisabledPermittedAuthenticatedAccount disabledPermittedAuth,
+      @Valid GcmRegistrationId registrationId) {
+    Account account = disabledPermittedAuth.getAccount();
+    Device device = disabledPermittedAuth.getAuthenticatedDevice();
 
     if (device.getGcmId() != null &&
-        device.getGcmId().equals(registrationId.getGcmRegistrationId()))
-    {
+        device.getGcmId().equals(registrationId.getGcmRegistrationId())) {
       return;
     }
 
-    device.setApnId(null);
-    device.setVoipApnId(null);
-    device.setGcmId(registrationId.getGcmRegistrationId());
-    device.setFetchesMessages(false);
-
-    accounts.update(account);
-
-    if (!wasAccountEnabled && account.isEnabled()) {
-      directoryQueue.refreshRegisteredUser(account);
-    }
+    accounts.updateDevice(account, device.getId(), d -> {
+      d.setApnId(null);
+      d.setVoipApnId(null);
+      d.setGcmId(registrationId.getGcmRegistrationId());
+      d.setFetchesMessages(false);
+    });
   }
 
   @Timed
   @DELETE
   @Path("/gcm/")
-  public void deleteGcmRegistrationId(@Auth DisabledPermittedAccount disabledPermittedAccount) {
-    Account account = disabledPermittedAccount.getAccount();
-    Device  device  = account.getAuthenticatedDevice().get();
-    device.setGcmId(null);
-    device.setFetchesMessages(false);
-    device.setUserAgent("OWA");
+  @ChangesDeviceEnabledState
+  public void deleteGcmRegistrationId(@Auth DisabledPermittedAuthenticatedAccount disabledPermittedAuth) {
+    Account account = disabledPermittedAuth.getAccount();
+    Device device = disabledPermittedAuth.getAuthenticatedDevice();
 
-    accounts.update(account);
-    directoryQueue.refreshRegisteredUser(account);
+    accounts.updateDevice(account, device.getId(), d -> {
+      d.setGcmId(null);
+      d.setFetchesMessages(false);
+      d.setUserAgent("OWA");
+    });
   }
 
   @Timed
   @PUT
   @Path("/apn/")
   @Consumes(MediaType.APPLICATION_JSON)
-  public void setApnRegistrationId(@Auth DisabledPermittedAccount disabledPermittedAccount, @Valid ApnRegistrationId registrationId) {
-    Account account           = disabledPermittedAccount.getAccount();
-    Device  device            = account.getAuthenticatedDevice().get();
-    boolean wasAccountEnabled = account.isEnabled();
+  @ChangesDeviceEnabledState
+  public void setApnRegistrationId(@Auth DisabledPermittedAuthenticatedAccount disabledPermittedAuth,
+      @Valid ApnRegistrationId registrationId) {
+    Account account = disabledPermittedAuth.getAccount();
+    Device device = disabledPermittedAuth.getAuthenticatedDevice();
 
-    device.setApnId(registrationId.getApnRegistrationId());
-    device.setVoipApnId(registrationId.getVoipRegistrationId());
-    device.setGcmId(null);
-    device.setFetchesMessages(false);
-    accounts.update(account);
-
-    if (!wasAccountEnabled && account.isEnabled()) {
-      directoryQueue.refreshRegisteredUser(account);
-    }
+    accounts.updateDevice(account, device.getId(), d -> {
+      d.setApnId(registrationId.getApnRegistrationId());
+      d.setVoipApnId(registrationId.getVoipRegistrationId());
+      d.setGcmId(null);
+      d.setFetchesMessages(false);
+    });
   }
 
   @Timed
   @DELETE
   @Path("/apn/")
-  public void deleteApnRegistrationId(@Auth DisabledPermittedAccount disabledPermittedAccount) {
-    Account account = disabledPermittedAccount.getAccount();
-    Device  device  = account.getAuthenticatedDevice().get();
-    device.setApnId(null);
-    device.setFetchesMessages(false);
-    if (device.getId() == 1) {
-      device.setUserAgent("OWI");
-    } else {
-      device.setUserAgent("OWP");
-    }
+  @ChangesDeviceEnabledState
+  public void deleteApnRegistrationId(@Auth DisabledPermittedAuthenticatedAccount disabledPermittedAuth) {
+    Account account = disabledPermittedAuth.getAccount();
+    Device device = disabledPermittedAuth.getAuthenticatedDevice();
 
-    accounts.update(account);
-    directoryQueue.refreshRegisteredUser(account);
+    accounts.updateDevice(account, device.getId(), d -> {
+      d.setApnId(null);
+      d.setFetchesMessages(false);
+      if (d.getId() == 1) {
+        d.setUserAgent("OWI");
+      } else {
+        d.setUserAgent("OWP");
+      }
+    });
   }
 
   @Timed
   @PUT
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/registration_lock")
-  public void setRegistrationLock(@Auth Account account, @Valid RegistrationLock accountLock) {
+  public void setRegistrationLock(@Auth AuthenticatedAccount auth, @Valid RegistrationLock accountLock) {
     AuthenticationCredentials credentials = new AuthenticationCredentials(accountLock.getRegistrationLock());
-    account.setRegistrationLock(credentials.getHashedAuthenticationToken(), credentials.getSalt());
-    account.setPin(null);
 
-    accounts.update(account);
+    accounts.update(auth.getAccount(),
+        a -> a.setRegistrationLock(credentials.getHashedAuthenticationToken(), credentials.getSalt()));
   }
 
   @Timed
   @DELETE
   @Path("/registration_lock")
-  public void removeRegistrationLock(@Auth Account account) {
-    account.setRegistrationLock(null, null);
-    accounts.update(account);
-  }
-
-  @Timed
-  @PUT
-  @Produces(MediaType.APPLICATION_JSON)
-  @Path("/pin/")
-  public void setPin(@Auth Account account, @Valid DeprecatedPin accountLock) {
-    account.setPin(accountLock.getPin());
-    account.setRegistrationLock(null, null);
-
-    accounts.update(account);
-  }
-
-  @Timed
-  @DELETE
-  @Path("/pin/")
-  public void removePin(@Auth Account account) {
-    account.setPin(null);
-    accounts.update(account);
+  public void removeRegistrationLock(@Auth AuthenticatedAccount auth) {
+    accounts.update(auth.getAccount(), a -> a.setRegistrationLock(null, null));
   }
 
   @Timed
   @PUT
   @Path("/name/")
-  public void setName(@Auth DisabledPermittedAccount disabledPermittedAccount, @Valid DeviceName deviceName) {
-    Account account = disabledPermittedAccount.getAccount();
-    account.getAuthenticatedDevice().get().setName(deviceName.getDeviceName());
-    accounts.update(account);
+  public void setName(@Auth DisabledPermittedAuthenticatedAccount disabledPermittedAuth, @Valid DeviceName deviceName) {
+    Account account = disabledPermittedAuth.getAccount();
+    Device device = disabledPermittedAuth.getAuthenticatedDevice();
+    accounts.updateDevice(account, device.getId(), d -> d.setName(deviceName.getDeviceName()));
   }
 
   @Timed
   @DELETE
   @Path("/signaling_key")
-  public void removeSignalingKey(@Auth DisabledPermittedAccount disabledPermittedAccount) {
+  public void removeSignalingKey(@Auth DisabledPermittedAuthenticatedAccount disabledPermittedAuth) {
   }
 
   @Timed
   @PUT
   @Path("/attributes/")
   @Consumes(MediaType.APPLICATION_JSON)
-  public void setAccountAttributes(@Auth DisabledPermittedAccount disabledPermittedAccount,
-                                   @HeaderParam("X-Signal-Agent") String userAgent,
-                                   @Valid AccountAttributes attributes)
-  {
-    Account account = disabledPermittedAccount.getAccount();
-    Device  device  = account.getAuthenticatedDevice().get();
+  @Produces(MediaType.APPLICATION_JSON)
+  @ChangesDeviceEnabledState
+  public void setAccountAttributes(@Auth DisabledPermittedAuthenticatedAccount disabledPermittedAuth,
+      @HeaderParam("X-Signal-Agent") String userAgent,
+      @Valid AccountAttributes attributes) {
+    Account account = disabledPermittedAuth.getAccount();
+    long deviceId = disabledPermittedAuth.getAuthenticatedDevice().getId();
 
-    device.setFetchesMessages(attributes.getFetchesMessages());
-    device.setName(attributes.getName());
-    device.setLastSeen(Util.todayInMillis());
-    device.setCapabilities(attributes.getCapabilities());
-    device.setRegistrationId(attributes.getRegistrationId());
-    device.setUserAgent(userAgent);
+    // temporary: For deterministic updates during the DynamoDB migration, use a fully parameterized registration lock
+    @Nullable final AuthenticationCredentials registrationLockCredentials =
+        Util.isEmpty(attributes.getRegistrationLock()) ? null
+            : new AuthenticationCredentials(attributes.getRegistrationLock());
 
-    setAccountRegistrationLockFromAttributes(account, attributes);
+    accounts.update(account, a -> {
+      a.getDevice(deviceId).ifPresent(d -> {
+        d.setFetchesMessages(attributes.getFetchesMessages());
+        d.setName(attributes.getName());
+        d.setLastSeen(Util.todayInMillis());
+        d.setCapabilities(attributes.getCapabilities());
+        d.setRegistrationId(attributes.getRegistrationId());
+        d.setUserAgent(userAgent);
+      });
 
-    final boolean hasDiscoverabilityChange = (account.isDiscoverableByPhoneNumber() != attributes.isDiscoverableByPhoneNumber());
+      // temporary: for deterministic updates during the DynamoDB migration, use a fully parameterized registration lock
+      // a.setRegistrationLockFromAttributes(attributes);
+      if (registrationLockCredentials != null) {
+        a.setRegistrationLock(registrationLockCredentials.getHashedAuthenticationToken(),
+            registrationLockCredentials.getSalt());
+      } else {
+        a.setRegistrationLock(null, null);
+      }
 
-    account.setUnidentifiedAccessKey(attributes.getUnidentifiedAccessKey());
-    account.setUnrestrictedUnidentifiedAccess(attributes.isUnrestrictedUnidentifiedAccess());
-    account.setDiscoverableByPhoneNumber(attributes.isDiscoverableByPhoneNumber());
-
-    accounts.update(account);
-
-    if (hasDiscoverabilityChange) {
-      directoryQueue.refreshRegisteredUser(account);
-    }
+      a.setUnidentifiedAccessKey(attributes.getUnidentifiedAccessKey());
+      a.setUnrestrictedUnidentifiedAccess(attributes.isUnrestrictedUnidentifiedAccess());
+      a.setDiscoverableByPhoneNumber(attributes.isDiscoverableByPhoneNumber());
+    });
   }
 
   @GET
   @Path("/me")
   @Produces(MediaType.APPLICATION_JSON)
-  public AccountCreationResult getMe(@Auth Account account) {
-    return whoAmI(account);
+  public AccountCreationResult getMe(@Auth AuthenticatedAccount auth) {
+    return whoAmI(auth);
   }
 
   @GET
   @Path("/whoami")
   @Produces(MediaType.APPLICATION_JSON)
-  public AccountCreationResult whoAmI(@Auth Account account) {
-    return new AccountCreationResult(account.getUuid(), account.isStorageSupported());
+  public AccountCreationResult whoAmI(@Auth AuthenticatedAccount auth) {
+    return new AccountCreationResult(auth.getAccount().getUuid(),
+        auth.getAccount().getNumber(),
+        auth.getAccount().getPhoneNumberIdentifier(),
+        auth.getAccount().getUsername().orElse(null),
+        auth.getAccount().isStorageSupported());
   }
 
   @DELETE
   @Path("/username")
   @Produces(MediaType.APPLICATION_JSON)
-  public void deleteUsername(@Auth Account account) {
-    usernames.delete(account.getUuid());
+  public void deleteUsername(@Auth AuthenticatedAccount auth) {
+    accounts.clearUsername(auth.getAccount());
   }
 
   @PUT
   @Path("/username/{username}")
   @Produces(MediaType.APPLICATION_JSON)
-  public Response setUsername(@Auth Account account, @PathParam("username") String username) throws RateLimitExceededException {
-    rateLimiters.getUsernameSetLimiter().validate(account.getUuid().toString());
+  public Response setUsername(@Auth AuthenticatedAccount auth, @PathParam("username") @Username String username)
+      throws RateLimitExceededException {
+    rateLimiters.getUsernameSetLimiter().validate(auth.getAccount().getUuid());
 
-    if (username == null || username.isEmpty()) {
-      return Response.status(Response.Status.BAD_REQUEST).build();
-    }
-
-    username = username.toLowerCase();
-
-    if (!username.matches("^[a-z_][a-z0-9_]+$")) {
-      return Response.status(Response.Status.BAD_REQUEST).build();
-    }
-
-    if (!usernames.put(account.getUuid(), username)) {
+    try {
+      accounts.setUsername(auth.getAccount(), username);
+    } catch (final UsernameNotAvailableException e) {
       return Response.status(Response.Status.CONFLICT).build();
     }
 
     return Response.ok().build();
   }
 
+  @HEAD
+  @Path("/account/{uuid}")
+  public Response accountExists(
+      @HeaderParam("X-Forwarded-For") final String forwardedFor,
+      @PathParam("uuid") final UUID uuid,
+      @Context HttpServletRequest request) throws RateLimitExceededException {
+
+    // Disallow clients from making authenticated requests to this endpoint
+    if (StringUtils.isNotBlank(request.getHeader("Authorization"))) {
+      throw new BadRequestException();
+    }
+
+    final String mostRecentProxy = ForwardedIpUtil.getMostRecentProxy(forwardedFor)
+        .orElseThrow(() -> new RateLimitExceededException(Duration.ofHours(1)));
+
+    rateLimiters.getCheckAccountExistenceLimiter().validate(mostRecentProxy);
+
+    final Status status = accounts.getByAccountIdentifier(uuid)
+        .or(() -> accounts.getByPhoneNumberIdentifier(uuid))
+        .isPresent() ? Status.OK : Status.NOT_FOUND;
+
+    return Response.status(status).build();
+  }
+
+  private void verifyRegistrationLock(final Account existingAccount, @Nullable final String clientRegistrationLock)
+      throws RateLimitExceededException, WebApplicationException {
+
+    final StoredRegistrationLock existingRegistrationLock = existingAccount.getRegistrationLock();
+    final ExternalServiceCredentials existingBackupCredentials =
+        backupServiceCredentialGenerator.generateFor(existingAccount.getUuid().toString());
+
+    if (existingRegistrationLock.requiresClientRegistrationLock()) {
+      if (!Util.isEmpty(clientRegistrationLock)) {
+        rateLimiters.getPinLimiter().validate(existingAccount.getNumber());
+      }
+
+      if (!existingRegistrationLock.verify(clientRegistrationLock)) {
+        throw new WebApplicationException(Response.status(423)
+            .entity(new RegistrationLockFailure(existingRegistrationLock.getTimeRemaining(),
+                existingRegistrationLock.needsFailureCredentials() ? existingBackupCredentials : null))
+            .build());
+      }
+
+      rateLimiters.getPinLimiter().clear(existingAccount.getNumber());
+    }
+  }
+
   private CaptchaRequirement requiresCaptcha(String number, String transport, String forwardedFor,
-                                             String requester,
+                                             String                           sourceHost,
                                              Optional<String>                 captchaToken,
                                              Optional<StoredVerificationCode> storedVerificationCode,
                                              Optional<String>                 pushChallenge)
   {
 
     if (captchaToken.isPresent()) {
-      boolean validToken = recaptchaClient.verify(captchaToken.get(), requester);
+      boolean validToken = recaptchaClient.verify(captchaToken.get(), sourceHost);
 
       if (validToken) {
         captchaSuccessMeter.mark();
@@ -679,18 +726,18 @@ public class AccountController {
       }
     }
 
-    List<AbusiveHostRule> abuseRules = abusiveHostRules.getAbusiveHostRulesFor(requester);
+    List<AbusiveHostRule> abuseRules = abusiveHostRules.getAbusiveHostRulesFor(sourceHost);
 
     for (AbusiveHostRule abuseRule : abuseRules) {
-      if (abuseRule.isBlocked()) {
-        logger.info("Blocked host: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
+      if (abuseRule.blocked()) {
+        logger.info("Blocked host: {}, {}, {} ({})", transport, number, sourceHost, forwardedFor);
         blockedHostMeter.mark();
         return new CaptchaRequirement(true, false);
       }
 
-      if (!abuseRule.getRegions().isEmpty()) {
-        if (abuseRule.getRegions().stream().noneMatch(number::startsWith)) {
-          logger.info("Restricted host: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
+      if (!abuseRule.regions().isEmpty()) {
+        if (abuseRule.regions().stream().noneMatch(number::startsWith)) {
+          logger.info("Restricted host: {}, {}, {} ({})", transport, number, sourceHost, forwardedFor);
           filteredHostMeter.mark();
           return new CaptchaRequirement(true, false);
         }
@@ -698,9 +745,9 @@ public class AccountController {
     }
 
     try {
-      rateLimiters.getSmsVoiceIpLimiter().validate(requester);
+      rateLimiters.getSmsVoiceIpLimiter().validate(sourceHost);
     } catch (RateLimitExceededException e) {
-      logger.info("Rate limited exceeded: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
+      logger.info("Rate limit exceeded: {}, {}, {} ({})", transport, number, sourceHost, forwardedFor);
       rateLimitedHostMeter.mark();
       return new CaptchaRequirement(true, true);
     }
@@ -708,7 +755,7 @@ public class AccountController {
     try {
       rateLimiters.getSmsVoicePrefixLimiter().validate(Util.getNumberPrefix(number));
     } catch (RateLimitExceededException e) {
-      logger.info("Prefix rate limit exceeded: " + transport + ", " + number + ", (" + forwardedFor + ")");
+      logger.info("Prefix rate limit exceeded: {}, {}, {} ({})", transport, number, sourceHost, forwardedFor);
       rateLimitedPrefixMeter.mark();
       return new CaptchaRequirement(true, true);
     }
@@ -724,13 +771,13 @@ public class AccountController {
   @Timed
   @DELETE
   @Path("/me")
-  public void deleteAccount(@Auth Account account) {
-    accounts.delete(account, AccountsManager.DeletionReason.USER_REQUEST);
+  public void deleteAccount(@Auth AuthenticatedAccount auth) throws InterruptedException {
+    accounts.delete(auth.getAccount(), AccountsManager.DeletionReason.USER_REQUEST);
   }
 
-  private boolean shouldAutoBlock(String requester) {
+  private boolean shouldAutoBlock(String sourceHost) {
     try {
-      rateLimiters.getAutoBlockLimiter().validate(requester);
+      rateLimiters.getAutoBlockLimiter().validate(sourceHost);
     } catch (RateLimitExceededException e) {
       return true;
     }
@@ -738,52 +785,6 @@ public class AccountController {
     return false;
   }
 
-  private Account createAccount(String number, String password, String signalAgent, AccountAttributes accountAttributes) {
-    Optional<Account> maybeExistingAccount = accounts.get(number);
-
-    Device device = new Device();
-    device.setId(Device.MASTER_ID);
-    device.setAuthenticationCredentials(new AuthenticationCredentials(password));
-    device.setFetchesMessages(accountAttributes.getFetchesMessages());
-    device.setRegistrationId(accountAttributes.getRegistrationId());
-    device.setName(accountAttributes.getName());
-    device.setCapabilities(accountAttributes.getCapabilities());
-    device.setCreated(System.currentTimeMillis());
-    device.setLastSeen(Util.todayInMillis());
-    device.setUserAgent(signalAgent);
-
-    Account account = new Account();
-    account.setNumber(number);
-    account.setUuid(UUID.randomUUID());
-    account.addDevice(device);
-    setAccountRegistrationLockFromAttributes(account, accountAttributes);
-    account.setUnidentifiedAccessKey(accountAttributes.getUnidentifiedAccessKey());
-    account.setUnrestrictedUnidentifiedAccess(accountAttributes.isUnrestrictedUnidentifiedAccess());
-    account.setDiscoverableByPhoneNumber(accountAttributes.isDiscoverableByPhoneNumber());
-
-    if (accounts.create(account)) {
-      newUserMeter.mark();
-    }
-
-    directoryQueue.refreshRegisteredUser(account);
-    maybeExistingAccount.ifPresent(definitelyExistingAccount -> messagesManager.clear(definitelyExistingAccount.getUuid()));
-    pendingAccounts.remove(number);
-
-    return account;
-  }
-
-  private void setAccountRegistrationLockFromAttributes(Account account, @Valid AccountAttributes attributes) {
-    if (!Util.isEmpty(attributes.getPin())) {
-      account.setPin(attributes.getPin());
-    } else if (!Util.isEmpty(attributes.getRegistrationLock())) {
-      AuthenticationCredentials credentials = new AuthenticationCredentials(attributes.getRegistrationLock());
-      account.setRegistrationLock(credentials.getHashedAuthenticationToken(), credentials.getSalt());
-    } else {
-      account.setPin(null);
-      account.setRegistrationLock(null, null);
-    }
-  }
-
   @VisibleForTesting protected
   VerificationCode generateVerificationCode(String number) {
     if (testDevices.containsKey(number)) {

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AttachmentControllerV1.java

@@ -1,29 +1,27 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm.controllers;
 
 import com.amazonaws.HttpMethod;
 import com.codahale.metrics.annotation.Timed;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.entities.AttachmentDescriptorV1;
-import org.whispersystems.textsecuregcm.entities.AttachmentUri;
-import org.whispersystems.textsecuregcm.limits.RateLimiters;
-import org.whispersystems.textsecuregcm.s3.UrlSigner;
-import org.whispersystems.textsecuregcm.storage.Account;
-
+import io.dropwizard.auth.Auth;
+import java.io.IOException;
+import java.net.URL;
+import java.util.stream.Stream;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import java.io.IOException;
-import java.net.URL;
-import java.util.stream.Stream;
-
-import io.dropwizard.auth.Auth;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.entities.AttachmentDescriptorV1;
+import org.whispersystems.textsecuregcm.entities.AttachmentUri;
+import org.whispersystems.textsecuregcm.limits.RateLimiters;
+import org.whispersystems.textsecuregcm.s3.UrlSigner;
 
 
 @Path("/v1/attachments")
@@ -35,25 +33,25 @@ public class AttachmentControllerV1 extends AttachmentControllerBase {
   private static final String[] UNACCELERATED_REGIONS = {"+20", "+971", "+968", "+974"};
 
   private final RateLimiters rateLimiters;
-  private final UrlSigner    urlSigner;
+  private final UrlSigner urlSigner;
 
   public AttachmentControllerV1(RateLimiters rateLimiters, String accessKey, String accessSecret, String bucket) {
     this.rateLimiters = rateLimiters;
-    this.urlSigner    = new UrlSigner(accessKey, accessSecret, bucket);
+    this.urlSigner = new UrlSigner(accessKey, accessSecret, bucket);
   }
 
   @Timed
   @GET
   @Produces(MediaType.APPLICATION_JSON)
-  public AttachmentDescriptorV1 allocateAttachment(@Auth Account account)
-      throws RateLimitExceededException
-  {
-    if (account.isRateLimited()) {
-      rateLimiters.getAttachmentLimiter().validate(account.getNumber());
+  public AttachmentDescriptorV1 allocateAttachment(@Auth AuthenticatedAccount auth)
+      throws RateLimitExceededException {
+    if (auth.getAccount().isRateLimited()) {
+      rateLimiters.getAttachmentLimiter().validate(auth.getAccount().getUuid());
     }
 
     long attachmentId = generateAttachmentId();
-    URL  url          = urlSigner.getPreSignedUrl(attachmentId, HttpMethod.PUT, Stream.of(UNACCELERATED_REGIONS).anyMatch(region -> account.getNumber().startsWith(region)));
+    URL url = urlSigner.getPreSignedUrl(attachmentId, HttpMethod.PUT,
+        Stream.of(UNACCELERATED_REGIONS).anyMatch(region -> auth.getAccount().getNumber().startsWith(region)));
 
     return new AttachmentDescriptorV1(attachmentId, url.toExternalForm());
 
@@ -63,11 +61,11 @@ public class AttachmentControllerV1 extends AttachmentControllerBase {
   @GET
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/{attachmentId}")
-  public AttachmentUri redirectToAttachment(@Auth                      Account account,
-                                            @PathParam("attachmentId") long    attachmentId)
-      throws IOException
-  {
-    return new AttachmentUri(urlSigner.getPreSignedUrl(attachmentId, HttpMethod.GET, Stream.of(UNACCELERATED_REGIONS).anyMatch(region -> account.getNumber().startsWith(region))));
+  public AttachmentUri redirectToAttachment(@Auth AuthenticatedAccount auth,
+      @PathParam("attachmentId") long attachmentId)
+      throws IOException {
+    return new AttachmentUri(urlSigner.getPreSignedUrl(attachmentId, HttpMethod.GET,
+        Stream.of(UNACCELERATED_REGIONS).anyMatch(region -> auth.getAccount().getNumber().startsWith(region))));
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AttachmentControllerV2.java

@@ -1,28 +1,26 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
 package org.whispersystems.textsecuregcm.controllers;
 
 import com.codahale.metrics.annotation.Timed;
+import io.dropwizard.auth.Auth;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.entities.AttachmentDescriptorV2;
 import org.whispersystems.textsecuregcm.limits.RateLimiter;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
 import org.whispersystems.textsecuregcm.s3.PolicySigner;
 import org.whispersystems.textsecuregcm.s3.PostPolicyGenerator;
-import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.util.Pair;
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.MediaType;
-import java.time.ZoneOffset;
-import java.time.ZonedDateTime;
-
-import io.dropwizard.auth.Auth;
-
 @Path("/v2/attachments")
 public class AttachmentControllerV2 extends AttachmentControllerBase {
 
@@ -40,19 +38,20 @@ public class AttachmentControllerV2 extends AttachmentControllerBase {
   @GET
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/form/upload")
-  public AttachmentDescriptorV2 getAttachmentUploadForm(@Auth Account account) throws RateLimitExceededException {
-    rateLimiter.validate(account.getNumber());
+  public AttachmentDescriptorV2 getAttachmentUploadForm(@Auth AuthenticatedAccount auth)
+      throws RateLimitExceededException {
+    rateLimiter.validate(auth.getAccount().getUuid());
 
-    ZonedDateTime        now          = ZonedDateTime.now(ZoneOffset.UTC);
-    long                 attachmentId = generateAttachmentId();
-    String               objectName   = String.valueOf(attachmentId);
-    Pair<String, String> policy       = policyGenerator.createFor(now, String.valueOf(objectName), 100 * 1024 * 1024);
-    String               signature    = policySigner.getSignature(now, policy.second());
+    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
+    long attachmentId = generateAttachmentId();
+    String objectName = String.valueOf(attachmentId);
+    Pair<String, String> policy = policyGenerator.createFor(now, String.valueOf(objectName), 100 * 1024 * 1024);
+    String signature = policySigner.getSignature(now, policy.second());
 
     return new AttachmentDescriptorV2(attachmentId, objectName, policy.first(),
-                                      "private", "AWS4-HMAC-SHA256",
-                                      now.format(PostPolicyGenerator.AWS_DATE_TIME),
-                                      policy.second(), signature);
+        "private", "AWS4-HMAC-SHA256",
+        now.format(PostPolicyGenerator.AWS_DATE_TIME),
+        policy.second(), signature);
   }
 
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AttachmentControllerV3.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
@@ -7,19 +7,6 @@ package org.whispersystems.textsecuregcm.controllers;
 
 import com.codahale.metrics.annotation.Timed;
 import io.dropwizard.auth.Auth;
-import org.whispersystems.textsecuregcm.entities.AttachmentDescriptorV3;
-import org.whispersystems.textsecuregcm.gcp.CanonicalRequest;
-import org.whispersystems.textsecuregcm.gcp.CanonicalRequestGenerator;
-import org.whispersystems.textsecuregcm.gcp.CanonicalRequestSigner;
-import org.whispersystems.textsecuregcm.limits.RateLimiter;
-import org.whispersystems.textsecuregcm.limits.RateLimiters;
-import org.whispersystems.textsecuregcm.storage.Account;
-
-import javax.annotation.Nonnull;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.MediaType;
 import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.SecureRandom;
@@ -29,6 +16,18 @@ import java.time.ZonedDateTime;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
+import javax.annotation.Nonnull;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.entities.AttachmentDescriptorV3;
+import org.whispersystems.textsecuregcm.gcp.CanonicalRequest;
+import org.whispersystems.textsecuregcm.gcp.CanonicalRequestGenerator;
+import org.whispersystems.textsecuregcm.gcp.CanonicalRequestSigner;
+import org.whispersystems.textsecuregcm.limits.RateLimiter;
+import org.whispersystems.textsecuregcm.limits.RateLimiters;
 
 @Path("/v3/attachments")
 public class AttachmentControllerV3 extends AttachmentControllerBase {
@@ -45,26 +44,29 @@ public class AttachmentControllerV3 extends AttachmentControllerBase {
   @Nonnull
   private final SecureRandom secureRandom;
 
-  public AttachmentControllerV3(@Nonnull RateLimiters rateLimiters, @Nonnull String domain, @Nonnull String email, int maxSizeInBytes, @Nonnull String pathPrefix, @Nonnull String rsaSigningKey)
+  public AttachmentControllerV3(@Nonnull RateLimiters rateLimiters, @Nonnull String domain, @Nonnull String email,
+      int maxSizeInBytes, @Nonnull String pathPrefix, @Nonnull String rsaSigningKey)
       throws IOException, InvalidKeyException, InvalidKeySpecException {
-    this.rateLimiter               = rateLimiters.getAttachmentLimiter();
+    this.rateLimiter = rateLimiters.getAttachmentLimiter();
     this.canonicalRequestGenerator = new CanonicalRequestGenerator(domain, email, maxSizeInBytes, pathPrefix);
-    this.canonicalRequestSigner    = new CanonicalRequestSigner(rsaSigningKey);
-    this.secureRandom              = new SecureRandom();
+    this.canonicalRequestSigner = new CanonicalRequestSigner(rsaSigningKey);
+    this.secureRandom = new SecureRandom();
   }
 
   @Timed
   @GET
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/form/upload")
-  public AttachmentDescriptorV3 getAttachmentUploadForm(@Auth Account account) throws RateLimitExceededException {
-    rateLimiter.validate(account.getNumber());
+  public AttachmentDescriptorV3 getAttachmentUploadForm(@Auth AuthenticatedAccount auth)
+      throws RateLimitExceededException {
+    rateLimiter.validate(auth.getAccount().getUuid());
 
-    final ZonedDateTime now                 = ZonedDateTime.now(ZoneOffset.UTC);
-    final String key                        = generateAttachmentKey();
+    final ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
+    final String key = generateAttachmentKey();
     final CanonicalRequest canonicalRequest = canonicalRequestGenerator.createFor(key, now);
 
-    return new AttachmentDescriptorV3(2, key, getHeaderMap(canonicalRequest), getSignedUploadLocation(canonicalRequest));
+    return new AttachmentDescriptorV3(2, key, getHeaderMap(canonicalRequest),
+        getSignedUploadLocation(canonicalRequest));
   }
 
   private String getSignedUploadLocation(@Nonnull CanonicalRequest canonicalRequest) {
@@ -74,11 +76,10 @@ public class AttachmentControllerV3 extends AttachmentControllerBase {
   }
 
   private static Map<String, String> getHeaderMap(@Nonnull CanonicalRequest canonicalRequest) {
-    Map<String, String> result = new HashMap<>(3);
-    result.put("host", canonicalRequest.getDomain());
-    result.put("x-goog-content-length-range", "1," + canonicalRequest.getMaxSizeInBytes());
-    result.put("x-goog-resumable", "start");
-    return result;
+    return Map.of(
+      "host", canonicalRequest.getDomain(),
+      "x-goog-content-length-range", "1," + canonicalRequest.getMaxSizeInBytes(),
+      "x-goog-resumable", "start");
   }
 
   private String generateAttachmentKey() {

service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java

@@ -1,21 +1,20 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
 package org.whispersystems.textsecuregcm.controllers;
 
+import static com.codahale.metrics.MetricRegistry.name;
+
 import com.codahale.metrics.annotation.Timed;
 import io.dropwizard.auth.Auth;
-import org.signal.zkgroup.auth.ServerZkAuthOperations;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.auth.CertificateGenerator;
-import org.whispersystems.textsecuregcm.entities.DeliveryCertificate;
-import org.whispersystems.textsecuregcm.entities.GroupCredentials;
-import org.whispersystems.textsecuregcm.storage.Account;
-import org.whispersystems.textsecuregcm.util.Util;
-
+import io.micrometer.core.instrument.Metrics;
+import java.security.InvalidKeyException;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
@@ -24,65 +23,76 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Optional;
+import org.signal.zkgroup.auth.ServerZkAuthOperations;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.CertificateGenerator;
+import org.whispersystems.textsecuregcm.entities.DeliveryCertificate;
+import org.whispersystems.textsecuregcm.entities.GroupCredentials;
+import org.whispersystems.textsecuregcm.util.Util;
 
 @SuppressWarnings("OptionalUsedAsFieldOrParameterType")
 @Path("/v1/certificate")
 public class CertificateController {
 
-  private final Logger logger = LoggerFactory.getLogger(CertificateController.class);
-
   private final CertificateGenerator   certificateGenerator;
   private final ServerZkAuthOperations serverZkAuthOperations;
-  private final boolean                isZkEnabled;
 
-  public CertificateController(CertificateGenerator certificateGenerator, ServerZkAuthOperations serverZkAuthOperations, boolean isZkEnabled) {
+  private static final String GENERATE_DELIVERY_CERTIFICATE_COUNTER_NAME = name(CertificateGenerator.class, "generateCertificate");
+  private static final String INCLUDE_E164_TAG_NAME = "includeE164";
+
+  public CertificateController(CertificateGenerator certificateGenerator, ServerZkAuthOperations serverZkAuthOperations) {
     this.certificateGenerator   = certificateGenerator;
     this.serverZkAuthOperations = serverZkAuthOperations;
-    this.isZkEnabled            = isZkEnabled;
   }
 
   @Timed
   @GET
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/delivery")
-  public DeliveryCertificate getDeliveryCertificate(@Auth Account account,
-                                                    @QueryParam("includeE164") Optional<Boolean> includeE164)
-      throws IOException, InvalidKeyException
-  {
-    if (account.getAuthenticatedDevice().isEmpty()) {
-      throw new AssertionError();
-    }
-    if (Util.isEmpty(account.getIdentityKey())) {
+  public DeliveryCertificate getDeliveryCertificate(@Auth AuthenticatedAccount auth,
+      @QueryParam("includeE164") Optional<Boolean> maybeIncludeE164)
+      throws InvalidKeyException {
+    if (Util.isEmpty(auth.getAccount().getIdentityKey())) {
       throw new WebApplicationException(Response.Status.BAD_REQUEST);
     }
 
-    return new DeliveryCertificate(certificateGenerator.createFor(account, account.getAuthenticatedDevice().get(), includeE164.orElse(true)));
+    final boolean includeE164 = maybeIncludeE164.orElse(true);
+
+    Metrics.counter(GENERATE_DELIVERY_CERTIFICATE_COUNTER_NAME, INCLUDE_E164_TAG_NAME, String.valueOf(includeE164))
+        .increment();
+
+    return new DeliveryCertificate(
+        certificateGenerator.createFor(auth.getAccount(), auth.getAuthenticatedDevice(), includeE164));
   }
 
   @Timed
   @GET
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/group/{startRedemptionTime}/{endRedemptionTime}")
-  public GroupCredentials getAuthenticationCredentials(@Auth Account account,
-                                                       @PathParam("startRedemptionTime") int startRedemptionTime,
-                                                       @PathParam("endRedemptionTime") int endRedemptionTime)
-  {
-    if (!isZkEnabled)                                         throw new WebApplicationException(Response.Status.NOT_FOUND);
-    if (startRedemptionTime > endRedemptionTime)              throw new WebApplicationException(Response.Status.BAD_REQUEST);
-    if (endRedemptionTime > Util.currentDaysSinceEpoch() + 7) throw new WebApplicationException(Response.Status.BAD_REQUEST);
-    if (startRedemptionTime < Util.currentDaysSinceEpoch())   throw new WebApplicationException(Response.Status.BAD_REQUEST);
+  public GroupCredentials getAuthenticationCredentials(@Auth AuthenticatedAccount auth,
+      @PathParam("startRedemptionTime") int startRedemptionTime,
+      @PathParam("endRedemptionTime") int endRedemptionTime,
+      @QueryParam("identity") Optional<String> identityType) {
+    if (startRedemptionTime > endRedemptionTime) {
+      throw new WebApplicationException(Response.Status.BAD_REQUEST);
+    }
+    if (endRedemptionTime > Util.currentDaysSinceEpoch() + 7) {
+      throw new WebApplicationException(Response.Status.BAD_REQUEST);
+    }
+    if (startRedemptionTime < Util.currentDaysSinceEpoch()) {
+      throw new WebApplicationException(Response.Status.BAD_REQUEST);
+    }
 
     List<GroupCredentials.GroupCredential> credentials = new LinkedList<>();
 
-    for (int i=startRedemptionTime;i<=endRedemptionTime;i++) {
-      credentials.add(new GroupCredentials.GroupCredential(serverZkAuthOperations.issueAuthCredential(account.getUuid(), i)
-                                                                                 .serialize(),
-                                                           i));
+    final UUID identifier = identityType.map(String::toLowerCase).orElse("aci").equals("pni") ?
+        auth.getAccount().getPhoneNumberIdentifier() :
+        auth.getAccount().getUuid();
+
+    for (int i = startRedemptionTime; i <= endRedemptionTime; i++) {
+      credentials.add(new GroupCredentials.GroupCredential(
+          serverZkAuthOperations.issueAuthCredential(identifier, i).serialize(),
+          i));
     }
 
     return new GroupCredentials(credentials);

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ChallengeController.java

@@ -17,12 +17,12 @@ import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.entities.AnswerChallengeRequest;
 import org.whispersystems.textsecuregcm.entities.AnswerPushChallengeRequest;
 import org.whispersystems.textsecuregcm.entities.AnswerRecaptchaChallengeRequest;
 import org.whispersystems.textsecuregcm.limits.RateLimitChallengeManager;
 import org.whispersystems.textsecuregcm.push.NotPushRegisteredException;
-import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.util.ForwardedIpUtil;
 
 @Path("/v1/challenge")
@@ -38,7 +38,7 @@ public class ChallengeController {
   @PUT
   @Produces(MediaType.APPLICATION_JSON)
   @Consumes(MediaType.APPLICATION_JSON)
-  public Response handleChallengeResponse(@Auth final Account account,
+  public Response handleChallengeResponse(@Auth final AuthenticatedAccount auth,
       @Valid final AnswerChallengeRequest answerRequest,
       @HeaderParam("X-Forwarded-For") String forwardedFor) throws RetryLaterException {
 
@@ -46,14 +46,15 @@ public class ChallengeController {
       if (answerRequest instanceof AnswerPushChallengeRequest) {
         final AnswerPushChallengeRequest pushChallengeRequest = (AnswerPushChallengeRequest) answerRequest;
 
-        rateLimitChallengeManager.answerPushChallenge(account, pushChallengeRequest.getChallenge());
+        rateLimitChallengeManager.answerPushChallenge(auth.getAccount(), pushChallengeRequest.getChallenge());
       } else if (answerRequest instanceof AnswerRecaptchaChallengeRequest) {
         try {
 
           final AnswerRecaptchaChallengeRequest recaptchaChallengeRequest = (AnswerRecaptchaChallengeRequest) answerRequest;
           final String mostRecentProxy = ForwardedIpUtil.getMostRecentProxy(forwardedFor).orElseThrow();
 
-          rateLimitChallengeManager.answerRecaptchaChallenge(account, recaptchaChallengeRequest.getCaptcha(), mostRecentProxy);
+          rateLimitChallengeManager.answerRecaptchaChallenge(auth.getAccount(), recaptchaChallengeRequest.getCaptcha(),
+              mostRecentProxy);
 
         } catch (final NoSuchElementException e) {
           return Response.status(400).build();
@@ -69,9 +70,9 @@ public class ChallengeController {
   @Timed
   @POST
   @Path("/push")
-  public Response requestPushChallenge(@Auth final Account account) {
+  public Response requestPushChallenge(@Auth final AuthenticatedAccount auth) {
     try {
-      rateLimitChallengeManager.sendPushChallenge(account);
+      rateLimitChallengeManager.sendPushChallenge(auth.getAccount());
       return Response.status(200).build();
     } catch (final NotPushRegisteredException e) {
       return Response.status(404).build();

service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm.controllers;
@@ -7,29 +7,11 @@ package org.whispersystems.textsecuregcm.controllers;
 import com.codahale.metrics.annotation.Timed;
 import com.google.common.annotations.VisibleForTesting;
 import io.dropwizard.auth.Auth;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.auth.AuthenticationCredentials;
-import org.whispersystems.textsecuregcm.auth.AuthorizationHeader;
-import org.whispersystems.textsecuregcm.auth.InvalidAuthorizationHeaderException;
-import org.whispersystems.textsecuregcm.auth.StoredVerificationCode;
-import org.whispersystems.textsecuregcm.entities.AccountAttributes;
-import org.whispersystems.textsecuregcm.entities.DeviceInfo;
-import org.whispersystems.textsecuregcm.entities.DeviceInfoList;
-import org.whispersystems.textsecuregcm.entities.DeviceResponse;
-import org.whispersystems.textsecuregcm.limits.RateLimiters;
-import org.whispersystems.textsecuregcm.sqs.DirectoryQueue;
-import org.whispersystems.textsecuregcm.storage.Account;
-import org.whispersystems.textsecuregcm.storage.AccountsManager;
-import org.whispersystems.textsecuregcm.storage.Device;
-import org.whispersystems.textsecuregcm.storage.Device.DeviceCapabilities;
-import org.whispersystems.textsecuregcm.storage.MessagesManager;
-import org.whispersystems.textsecuregcm.storage.PendingDevicesManager;
-import org.whispersystems.textsecuregcm.util.Util;
-import org.whispersystems.textsecuregcm.util.VerificationCode;
-import org.whispersystems.textsecuregcm.util.ua.UnrecognizedUserAgentException;
-import org.whispersystems.textsecuregcm.util.ua.UserAgentUtil;
-
+import java.security.SecureRandom;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
 import javax.validation.Valid;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
@@ -40,39 +22,56 @@ import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import java.security.SecureRandom;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
+import org.glassfish.jersey.server.ContainerRequest;
+import org.whispersystems.textsecuregcm.auth.AuthEnablementRefreshRequirementProvider;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticationCredentials;
+import org.whispersystems.textsecuregcm.auth.BasicAuthorizationHeader;
+import org.whispersystems.textsecuregcm.auth.ChangesDeviceEnabledState;
+import org.whispersystems.textsecuregcm.auth.StoredVerificationCode;
+import org.whispersystems.textsecuregcm.entities.AccountAttributes;
+import org.whispersystems.textsecuregcm.entities.DeviceInfo;
+import org.whispersystems.textsecuregcm.entities.DeviceInfoList;
+import org.whispersystems.textsecuregcm.entities.DeviceResponse;
+import org.whispersystems.textsecuregcm.limits.RateLimiters;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
+import org.whispersystems.textsecuregcm.storage.Device;
+import org.whispersystems.textsecuregcm.storage.Device.DeviceCapabilities;
+import org.whispersystems.textsecuregcm.storage.Keys;
+import org.whispersystems.textsecuregcm.storage.MessagesManager;
+import org.whispersystems.textsecuregcm.storage.StoredVerificationCodeManager;
+import org.whispersystems.textsecuregcm.util.Util;
+import org.whispersystems.textsecuregcm.util.VerificationCode;
+import org.whispersystems.textsecuregcm.util.ua.UnrecognizedUserAgentException;
+import org.whispersystems.textsecuregcm.util.ua.UserAgentUtil;
 
 @Path("/v1/devices")
 public class DeviceController {
 
-  private final Logger logger = LoggerFactory.getLogger(DeviceController.class);
-
   private static final int MAX_DEVICES = 6;
 
-  private final PendingDevicesManager pendingDevices;
+  private final StoredVerificationCodeManager pendingDevices;
   private final AccountsManager       accounts;
   private final MessagesManager       messages;
+  private final Keys keys;
   private final RateLimiters          rateLimiters;
   private final Map<String, Integer>  maxDeviceConfiguration;
-  private final DirectoryQueue        directoryQueue;
 
-  public DeviceController(PendingDevicesManager pendingDevices,
+  public DeviceController(StoredVerificationCodeManager pendingDevices,
                           AccountsManager accounts,
                           MessagesManager messages,
-                          DirectoryQueue directoryQueue,
+                          Keys keys,
                           RateLimiters rateLimiters,
                           Map<String, Integer> maxDeviceConfiguration)
   {
     this.pendingDevices         = pendingDevices;
     this.accounts               = accounts;
     this.messages               = messages;
-    this.directoryQueue         = directoryQueue;
+    this.keys                   = keys;
     this.rateLimiters           = rateLimiters;
     this.maxDeviceConfiguration = maxDeviceConfiguration;
   }
@@ -80,12 +79,12 @@ public class DeviceController {
   @Timed
   @GET
   @Produces(MediaType.APPLICATION_JSON)
-  public DeviceInfoList getDevices(@Auth Account account) {
+  public DeviceInfoList getDevices(@Auth AuthenticatedAccount auth) {
     List<DeviceInfo> devices = new LinkedList<>();
 
-    for (Device device : account.getDevices()) {
+    for (Device device : auth.getAccount().getDevices()) {
       devices.add(new DeviceInfo(device.getId(), device.getName(),
-                                 device.getLastSeen(), device.getCreated()));
+          device.getLastSeen(), device.getCreated()));
     }
 
     return new DeviceInfoList(devices);
@@ -94,14 +93,17 @@ public class DeviceController {
   @Timed
   @DELETE
   @Path("/{device_id}")
-  public void removeDevice(@Auth Account account, @PathParam("device_id") long deviceId) {
-    if (account.getAuthenticatedDevice().get().getId() != Device.MASTER_ID) {
+  @ChangesDeviceEnabledState
+  public void removeDevice(@Auth AuthenticatedAccount auth, @PathParam("device_id") long deviceId) {
+    Account account = auth.getAccount();
+    if (auth.getAuthenticatedDevice().getId() != Device.MASTER_ID) {
       throw new WebApplicationException(Response.Status.UNAUTHORIZED);
     }
 
-    account.removeDevice(deviceId);
-    accounts.update(account);
-    directoryQueue.refreshRegisteredUser(account);
+    messages.clear(account.getUuid(), deviceId);
+    account = accounts.update(account, a -> a.removeDevice(deviceId));
+    keys.delete(account.getUuid(), deviceId);
+    // ensure any messages that came in after the first clear() are also removed
     messages.clear(account.getUuid(), deviceId);
   }
 
@@ -109,10 +111,12 @@ public class DeviceController {
   @GET
   @Path("/provisioning/code")
   @Produces(MediaType.APPLICATION_JSON)
-  public VerificationCode createDeviceToken(@Auth Account account)
-      throws RateLimitExceededException, DeviceLimitExceededException
-  {
-    rateLimiters.getAllocateDeviceLimiter().validate(account.getNumber());
+  public VerificationCode createDeviceToken(@Auth AuthenticatedAccount auth)
+      throws RateLimitExceededException, DeviceLimitExceededException {
+
+    final Account account = auth.getAccount();
+
+    rateLimiters.getAllocateDeviceLimiter().validate(account.getUuid());
 
     int maxDeviceLimit = MAX_DEVICES;
 
@@ -124,13 +128,14 @@ public class DeviceController {
       throw new DeviceLimitExceededException(account.getDevices().size(), MAX_DEVICES);
     }
 
-    if (account.getAuthenticatedDevice().get().getId() != Device.MASTER_ID) {
+    if (auth.getAuthenticatedDevice().getId() != Device.MASTER_ID) {
       throw new WebApplicationException(Response.Status.UNAUTHORIZED);
     }
 
     VerificationCode       verificationCode       = generateVerificationCode();
     StoredVerificationCode storedVerificationCode = new StoredVerificationCode(verificationCode.getVerificationCode(),
                                                                                System.currentTimeMillis(),
+                                                                               null,
                                                                                null);
 
     pendingDevices.store(account.getNumber(), storedVerificationCode);
@@ -143,86 +148,87 @@ public class DeviceController {
   @Produces(MediaType.APPLICATION_JSON)
   @Consumes(MediaType.APPLICATION_JSON)
   @Path("/{verification_code}")
+  @ChangesDeviceEnabledState
   public DeviceResponse verifyDeviceToken(@PathParam("verification_code") String verificationCode,
-                                          @HeaderParam("Authorization")   String authorizationHeader,
-                                          @HeaderParam("User-Agent")      String userAgent,
-                                          @Valid                          AccountAttributes accountAttributes)
+                                          @HeaderParam("Authorization") BasicAuthorizationHeader authorizationHeader,
+                                          @HeaderParam("User-Agent") String userAgent,
+                                          @Valid AccountAttributes accountAttributes,
+                                          @Context ContainerRequest containerRequest)
       throws RateLimitExceededException, DeviceLimitExceededException
   {
-    try {
-      AuthorizationHeader header = AuthorizationHeader.fromFullHeader(authorizationHeader);
-      String number              = header.getIdentifier().getNumber();
-      String password            = header.getPassword();
 
-      if (number == null) throw new WebApplicationException(400);
+    String number = authorizationHeader.getUsername();
+    String password = authorizationHeader.getPassword();
 
-      rateLimiters.getVerifyDeviceLimiter().validate(number);
+    rateLimiters.getVerifyDeviceLimiter().validate(number);
 
-      Optional<StoredVerificationCode> storedVerificationCode = pendingDevices.getCodeForNumber(number);
+    Optional<StoredVerificationCode> storedVerificationCode = pendingDevices.getCodeForNumber(number);
 
-      if (!storedVerificationCode.isPresent() || !storedVerificationCode.get().isValid(verificationCode)) {
-        throw new WebApplicationException(Response.status(403).build());
-      }
-
-      Optional<Account> account = accounts.get(number);
-
-      if (!account.isPresent()) {
-        throw new WebApplicationException(Response.status(403).build());
-      }
-
-      int maxDeviceLimit = MAX_DEVICES;
-
-      if (maxDeviceConfiguration.containsKey(account.get().getNumber())) {
-        maxDeviceLimit = maxDeviceConfiguration.get(account.get().getNumber());
-      }
-
-      if (account.get().getEnabledDeviceCount() >= maxDeviceLimit) {
-        throw new DeviceLimitExceededException(account.get().getDevices().size(), MAX_DEVICES);
-      }
-
-      final DeviceCapabilities capabilities = accountAttributes.getCapabilities();
-      if (capabilities != null && isCapabilityDowngrade(account.get(), capabilities, userAgent)) {
-        throw new WebApplicationException(Response.status(409).build());
-      }
-
-      Device device = new Device();
-      device.setName(accountAttributes.getName());
-      device.setAuthenticationCredentials(new AuthenticationCredentials(password));
-      device.setFetchesMessages(accountAttributes.getFetchesMessages());
-      device.setId(account.get().getNextDeviceId());
-      device.setRegistrationId(accountAttributes.getRegistrationId());
-      device.setLastSeen(Util.todayInMillis());
-      device.setCreated(System.currentTimeMillis());
-      device.setCapabilities(accountAttributes.getCapabilities());
-
-      account.get().addDevice(device);
-      messages.clear(account.get().getUuid(), device.getId());
-      accounts.update(account.get());
-
-      pendingDevices.remove(number);
-
-      return new DeviceResponse(device.getId());
-    } catch (InvalidAuthorizationHeaderException e) {
-      logger.info("Bad Authorization Header", e);
-      throw new WebApplicationException(Response.status(401).build());
+    if (!storedVerificationCode.isPresent() || !storedVerificationCode.get().isValid(verificationCode)) {
+      throw new WebApplicationException(Response.status(403).build());
     }
+
+    Optional<Account> account = accounts.getByE164(number);
+
+    if (!account.isPresent()) {
+      throw new WebApplicationException(Response.status(403).build());
+    }
+
+    // Normally, the the "do we need to refresh somebody's websockets" listener can do this on its own. In this case,
+    // we're not using the conventional authentication system, and so we need to give it a hint so it knows who the
+    // active user is and what their device states look like.
+    AuthEnablementRefreshRequirementProvider.setAccount(containerRequest, account.get());
+
+    int maxDeviceLimit = MAX_DEVICES;
+
+    if (maxDeviceConfiguration.containsKey(account.get().getNumber())) {
+      maxDeviceLimit = maxDeviceConfiguration.get(account.get().getNumber());
+    }
+
+    if (account.get().getEnabledDeviceCount() >= maxDeviceLimit) {
+      throw new DeviceLimitExceededException(account.get().getDevices().size(), MAX_DEVICES);
+    }
+
+    final DeviceCapabilities capabilities = accountAttributes.getCapabilities();
+    if (capabilities != null && isCapabilityDowngrade(account.get(), capabilities, userAgent)) {
+      throw new WebApplicationException(Response.status(409).build());
+    }
+
+    Device device = new Device();
+    device.setName(accountAttributes.getName());
+    device.setAuthenticationCredentials(new AuthenticationCredentials(password));
+    device.setFetchesMessages(accountAttributes.getFetchesMessages());
+    device.setRegistrationId(accountAttributes.getRegistrationId());
+    device.setLastSeen(Util.todayInMillis());
+    device.setCreated(System.currentTimeMillis());
+    device.setCapabilities(accountAttributes.getCapabilities());
+
+    final Account updatedAccount = accounts.update(account.get(), a -> {
+      device.setId(a.getNextDeviceId());
+      messages.clear(a.getUuid(), device.getId());
+      a.addDevice(device);
+    });
+
+    pendingDevices.remove(number);
+
+    return new DeviceResponse(updatedAccount.getUuid(), updatedAccount.getPhoneNumberIdentifier(), device.getId());
   }
 
   @Timed
   @PUT
   @Path("/unauthenticated_delivery")
-  public void setUnauthenticatedDelivery(@Auth Account account) {
-    assert(account.getAuthenticatedDevice().isPresent());
+  public void setUnauthenticatedDelivery(@Auth AuthenticatedAccount auth) {
+    assert (auth.getAuthenticatedDevice() != null);
     // Deprecated
   }
 
   @Timed
   @PUT
   @Path("/capabilities")
-  public void setCapabiltities(@Auth Account account, @Valid DeviceCapabilities capabilities) {
-    assert(account.getAuthenticatedDevice().isPresent());
-    account.getAuthenticatedDevice().get().setCapabilities(capabilities);
-    accounts.update(account);
+  public void setCapabiltities(@Auth AuthenticatedAccount auth, @Valid DeviceCapabilities capabilities) {
+    assert (auth.getAuthenticatedDevice() != null);
+    final long deviceId = auth.getAuthenticatedDevice().getId();
+    accounts.updateDevice(auth.getAccount(), deviceId, d -> d.setCapabilities(capabilities));
   }
 
   @VisibleForTesting protected VerificationCode generateVerificationCode() {
@@ -234,13 +240,10 @@ public class DeviceController {
   private boolean isCapabilityDowngrade(Account account, DeviceCapabilities capabilities, String userAgent) {
     boolean isDowngrade = false;
 
-    if (account.isSenderKeySupported() && !capabilities.isSenderKey()) {
-      isDowngrade = true;
-    }
-
-    if (account.isGv1MigrationSupported() && !capabilities.isGv1Migration()) {
-      isDowngrade = true;
-    }
+    isDowngrade |= account.isChangeNumberSupported() && !capabilities.isChangeNumber();
+    isDowngrade |= account.isAnnouncementGroupSupported() && !capabilities.isAnnouncementGroup();
+    isDowngrade |= account.isSenderKeySupported() && !capabilities.isSenderKey();
+    isDowngrade |= account.isGv1MigrationSupported() && !capabilities.isGv1Migration();
 
     if (account.isGroupsV2Supported()) {
       try {

service/src/main/java/org/whispersystems/textsecuregcm/controllers/DirectoryController.java

@@ -1,14 +1,11 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm.controllers;
 
 import com.codahale.metrics.annotation.Timed;
 import io.dropwizard.auth.Auth;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialGenerator;
-import org.whispersystems.textsecuregcm.storage.Account;
-
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.PUT;
@@ -16,6 +13,8 @@ import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialGenerator;
 
 @Path("/v1/directory")
 public class DirectoryController {
@@ -30,15 +29,15 @@ public class DirectoryController {
   @GET
   @Path("/auth")
   @Produces(MediaType.APPLICATION_JSON)
-  public Response getAuthToken(@Auth Account account) {
-    return Response.ok().entity(directoryServiceTokenGenerator.generateFor(account.getNumber())).build();
+  public Response getAuthToken(@Auth AuthenticatedAccount auth) {
+    return Response.ok().entity(directoryServiceTokenGenerator.generateFor(auth.getAccount().getNumber())).build();
   }
 
   @PUT
   @Path("/feedback-v3/{status}")
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
-  public Response setFeedback(@Auth Account account) {
+  public Response setFeedback(@Auth AuthenticatedAccount auth) {
     return Response.ok().build();
   }
 
@@ -47,7 +46,7 @@ public class DirectoryController {
   @GET
   @Path("/{token}")
   @Produces(MediaType.APPLICATION_JSON)
-  public Response getTokenPresence(@Auth Account account) {
+  public Response getTokenPresence(@Auth AuthenticatedAccount auth) {
     return Response.status(429).build();
   }
 
@@ -56,7 +55,7 @@ public class DirectoryController {
   @Path("/tokens")
   @Produces(MediaType.APPLICATION_JSON)
   @Consumes(MediaType.APPLICATION_JSON)
-  public Response getContactIntersection(@Auth Account account) {
+  public Response getContactIntersection(@Auth AuthenticatedAccount auth) {
     return Response.status(429).build();
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/DirectoryV2Controller.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright 2013-2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+package org.whispersystems.textsecuregcm.controllers;
+
+import com.codahale.metrics.annotation.Timed;
+import io.dropwizard.auth.Auth;
+import java.util.Base64;
+import java.util.UUID;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialGenerator;
+import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
+import org.whispersystems.textsecuregcm.util.ByteUtil;
+import org.whispersystems.textsecuregcm.util.UUIDUtil;
+import org.whispersystems.textsecuregcm.util.Util;
+
+@Path("/v2/directory")
+public class DirectoryV2Controller {
+
+  private final ExternalServiceCredentialGenerator directoryServiceTokenGenerator;
+
+  public DirectoryV2Controller(ExternalServiceCredentialGenerator userTokenGenerator) {
+    this.directoryServiceTokenGenerator = userTokenGenerator;
+  }
+
+  @Timed
+  @GET
+  @Path("/auth")
+  @Produces(MediaType.APPLICATION_JSON)
+  public Response getAuthToken(@Auth AuthenticatedAccount auth) {
+
+    final UUID uuid = auth.getAccount().getUuid();
+    final String e164 = auth.getAccount().getNumber();
+    final long e164AsLong = Long.parseLong(e164, e164.indexOf('+'), e164.length() - 1, 10);
+
+    final byte[] uuidAndNumber = ByteUtil.combine(UUIDUtil.toBytes(uuid), Util.longToByteArray(e164AsLong));
+    final String username = Base64.getEncoder().encodeToString(uuidAndNumber);
+
+    final ExternalServiceCredentials credentials = directoryServiceTokenGenerator.generateFor(username);
+
+    return Response.ok().entity(credentials).build();
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/controllers/DonationController.java

@@ -18,13 +18,22 @@ import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
 import java.net.http.HttpResponse.BodyHandlers;
 import java.nio.charset.StandardCharsets;
+import java.time.Clock;
 import java.time.Duration;
+import java.time.Instant;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
 import java.util.concurrent.Executor;
+import java.util.concurrent.ForkJoinPool;
+import java.util.concurrent.ForkJoinPool.ManagedBlocker;
+import java.util.function.Function;
+import javax.annotation.Nonnull;
 import javax.validation.Valid;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
@@ -32,30 +41,68 @@ import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import org.signal.zkgroup.InvalidInputException;
+import org.signal.zkgroup.VerificationFailedException;
+import org.signal.zkgroup.receipts.ReceiptCredentialPresentation;
+import org.signal.zkgroup.receipts.ReceiptSerial;
+import org.signal.zkgroup.receipts.ServerZkReceiptOperations;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DonationConfiguration;
+import org.whispersystems.textsecuregcm.configuration.StripeConfiguration;
 import org.whispersystems.textsecuregcm.entities.ApplePayAuthorizationRequest;
 import org.whispersystems.textsecuregcm.entities.ApplePayAuthorizationResponse;
+import org.whispersystems.textsecuregcm.entities.RedeemReceiptRequest;
 import org.whispersystems.textsecuregcm.http.FaultTolerantHttpClient;
 import org.whispersystems.textsecuregcm.http.FormDataBodyPublisher;
 import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.AccountBadge;
+import org.whispersystems.textsecuregcm.storage.AccountsManager;
+import org.whispersystems.textsecuregcm.storage.RedeemedReceiptsManager;
 import org.whispersystems.textsecuregcm.util.SystemMapper;
 
 @Path("/v1/donation")
 public class DonationController {
 
-  private final Logger logger = LoggerFactory.getLogger(DonationController.class);
+  public interface ReceiptCredentialPresentationFactory {
+    ReceiptCredentialPresentation build(byte[] bytes) throws InvalidInputException;
+  }
 
+  private static final Logger logger = LoggerFactory.getLogger(DonationController.class);
+
+  private final Clock clock;
+  private final ServerZkReceiptOperations serverZkReceiptOperations;
+  private final RedeemedReceiptsManager redeemedReceiptsManager;
+  private final AccountsManager accountsManager;
+  private final BadgesConfiguration badgesConfiguration;
+  private final ReceiptCredentialPresentationFactory receiptCredentialPresentationFactory;
   private final URI uri;
   private final String apiKey;
   private final String description;
   private final Set<String> supportedCurrencies;
   private final FaultTolerantHttpClient httpClient;
 
-  public DonationController(final Executor executor, final DonationConfiguration configuration) {
+  public DonationController(
+      @Nonnull final Clock clock,
+      @Nonnull final ServerZkReceiptOperations serverZkReceiptOperations,
+      @Nonnull final RedeemedReceiptsManager redeemedReceiptsManager,
+      @Nonnull final AccountsManager accountsManager,
+      @Nonnull final BadgesConfiguration badgesConfiguration,
+      @Nonnull final ReceiptCredentialPresentationFactory receiptCredentialPresentationFactory,
+      @Nonnull final Executor httpClientExecutor,
+      @Nonnull final DonationConfiguration configuration,
+      @Nonnull final StripeConfiguration stripeConfiguration) {
+    this.clock = Objects.requireNonNull(clock);
+    this.serverZkReceiptOperations = Objects.requireNonNull(serverZkReceiptOperations);
+    this.redeemedReceiptsManager = Objects.requireNonNull(redeemedReceiptsManager);
+    this.accountsManager = Objects.requireNonNull(accountsManager);
+    this.badgesConfiguration = Objects.requireNonNull(badgesConfiguration);
+    this.receiptCredentialPresentationFactory = Objects.requireNonNull(receiptCredentialPresentationFactory);
     this.uri = URI.create(configuration.getUri());
-    this.apiKey = configuration.getApiKey();
+    this.apiKey = stripeConfiguration.getApiKey();
     this.description = configuration.getDescription();
     this.supportedCurrencies = configuration.getSupportedCurrencies();
     this.httpClient = FaultTolerantHttpClient.newBuilder()
@@ -64,18 +111,88 @@ public class DonationController {
         .withVersion(Version.HTTP_2)
         .withConnectTimeout(Duration.ofSeconds(10))
         .withRedirect(Redirect.NEVER)
-        .withExecutor(executor)
+        .withExecutor(Objects.requireNonNull(httpClientExecutor))
         .withName("donation")
         .withSecurityProtocol(FaultTolerantHttpClient.SECURITY_PROTOCOL_TLS_1_3)
         .build();
   }
 
+  @Timed
+  @POST
+  @Path("/redeem-receipt")
+  @Consumes(MediaType.APPLICATION_JSON)
+  @Produces({MediaType.APPLICATION_JSON, MediaType.TEXT_PLAIN})
+  public CompletionStage<Response> redeemReceipt(
+      @Auth final AuthenticatedAccount auth,
+      @Valid final RedeemReceiptRequest request) {
+    return CompletableFuture.supplyAsync(() -> {
+      ReceiptCredentialPresentation receiptCredentialPresentation;
+      try {
+        receiptCredentialPresentation = receiptCredentialPresentationFactory.build(
+            request.getReceiptCredentialPresentation());
+      } catch (InvalidInputException e) {
+        return CompletableFuture.completedFuture(Response.status(Status.BAD_REQUEST).entity("invalid receipt credential presentation").type(MediaType.TEXT_PLAIN_TYPE).build());
+      }
+      try {
+        serverZkReceiptOperations.verifyReceiptCredentialPresentation(receiptCredentialPresentation);
+      } catch (VerificationFailedException e) {
+        return CompletableFuture.completedFuture(Response.status(Status.BAD_REQUEST).entity("receipt credential presentation verification failed").type(MediaType.TEXT_PLAIN_TYPE).build());
+      }
+
+      final ReceiptSerial receiptSerial = receiptCredentialPresentation.getReceiptSerial();
+      final Instant receiptExpiration = Instant.ofEpochSecond(receiptCredentialPresentation.getReceiptExpirationTime());
+      final long receiptLevel = receiptCredentialPresentation.getReceiptLevel();
+      final String badgeId = badgesConfiguration.getReceiptLevels().get(receiptLevel);
+      if (badgeId == null) {
+        return CompletableFuture.completedFuture(Response.serverError().entity("server does not recognize the requested receipt level").type(MediaType.TEXT_PLAIN_TYPE).build());
+      }
+      final CompletionStage<Boolean> putStage = redeemedReceiptsManager.put(
+          receiptSerial, receiptExpiration.getEpochSecond(), receiptLevel, auth.getAccount().getUuid());
+      return putStage.thenApplyAsync(receiptMatched -> {
+        if (!receiptMatched) {
+          return Response.status(Status.BAD_REQUEST).entity("receipt serial is already redeemed").type(MediaType.TEXT_PLAIN_TYPE).build();
+        }
+
+        try {
+          ForkJoinPool.managedBlock(new ManagedBlocker() {
+            boolean done = false;
+
+            @Override
+            public boolean block() {
+              final Optional<Account> optionalAccount = accountsManager.getByAccountIdentifier(auth.getAccount().getUuid());
+              optionalAccount.ifPresent(account -> {
+                accountsManager.update(account, a -> {
+                  a.addBadge(clock, new AccountBadge(badgeId, receiptExpiration, request.isVisible()));
+                  if (request.isPrimary()) {
+                    a.makeBadgePrimaryIfExists(clock, badgeId);
+                  }
+                });
+              });
+              done = true;
+              return true;
+            }
+
+            @Override
+            public boolean isReleasable() {
+              return done;
+            }
+          });
+        } catch (InterruptedException e) {
+          Thread.currentThread().interrupt();
+          return Response.serverError().build();
+        }
+
+        return Response.ok().build();
+      });
+    }).thenCompose(Function.identity());
+  }
+
   @Timed
   @POST
   @Path("/authorize-apple-pay")
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
-  public CompletableFuture<Response> getApplePayAuthorization(@Auth Account account, @Valid ApplePayAuthorizationRequest request) {
+  public CompletableFuture<Response> getApplePayAuthorization(@Auth AuthenticatedAccount auth, @Valid ApplePayAuthorizationRequest request) {
     if (!supportedCurrencies.contains(request.getCurrency())) {
       return CompletableFuture.completedFuture(Response.status(422).build());
     }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/KeepAliveController.java

@@ -1,28 +1,27 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
 package org.whispersystems.textsecuregcm.controllers;
 
+import static com.codahale.metrics.MetricRegistry.name;
+
 import com.codahale.metrics.annotation.Timed;
 import io.dropwizard.auth.Auth;
 import io.micrometer.core.instrument.Metrics;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Response;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
-import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.util.ua.UnrecognizedUserAgentException;
 import org.whispersystems.textsecuregcm.util.ua.UserAgentUtil;
 import org.whispersystems.websocket.session.WebSocketSession;
 import org.whispersystems.websocket.session.WebSocketSessionContext;
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Response;
-
-import static com.codahale.metrics.MetricRegistry.name;
-
 
 @Path("/v1/keepalive")
 public class KeepAliveController {
@@ -40,15 +39,14 @@ public class KeepAliveController {
 
   @Timed
   @GET
-  public Response getKeepAlive(@Auth             Account account,
-                               @WebSocketSession WebSocketSessionContext context)
-  {
-    if (account != null) {
-      if (!clientPresenceManager.isLocallyPresent(account.getUuid(), account.getAuthenticatedDevice().get().getId())) {
+  public Response getKeepAlive(@Auth AuthenticatedAccount auth,
+      @WebSocketSession WebSocketSessionContext context) {
+    if (auth != null) {
+      if (!clientPresenceManager.isLocallyPresent(auth.getAccount().getUuid(), auth.getAuthenticatedDevice().getId())) {
         logger.warn("***** No local subscription found for {}::{}; age = {}ms, User-Agent = {}",
-                    account.getUuid(), account.getAuthenticatedDevice().get().getId(),
-                    System.currentTimeMillis() - context.getClient().getCreatedTimestamp(),
-                    context.getClient().getUserAgent());
+            auth.getAccount().getUuid(), auth.getAuthenticatedDevice().getId(),
+            System.currentTimeMillis() - context.getClient().getCreatedTimestamp(),
+            context.getClient().getUserAgent());
 
         context.getClient().close(1000, "OK");