Support PayPal for recurring donations

* wip removing groups v2 capabilities

* comments

* finish removing groups v2 references

* hardcode gv1migration flag on user capability, remove other references

.editorconfig

@@ -146,7 +146,7 @@ ij_java_generate_final_parameters = true
 ij_java_if_brace_force = always
 ij_java_imports_layout = $*,|,*
 ij_java_indent_case_from_switch = true
-ij_java_insert_inner_class_imports = true
+ij_java_insert_inner_class_imports = false
 ij_java_insert_override_annotation = true
 ij_java_keep_blank_lines_before_right_brace = 2
 ij_java_keep_blank_lines_between_package_declaration_and_header = 2
@@ -1135,7 +1135,7 @@ ij_kotlin_field_annotation_wrap = split_into_lines
 ij_kotlin_finally_on_new_line = false
 ij_kotlin_if_rparen_on_new_line = false
 ij_kotlin_import_nested_classes = false
-ij_kotlin_imports_layout = *,java.**,javax.**,kotlin.**,^
+ij_kotlin_imports_layout = *
 ij_kotlin_insert_whitespaces_in_simple_one_line_method = true
 ij_kotlin_keep_blank_lines_before_right_brace = 2
 ij_kotlin_keep_blank_lines_in_code = 2
@@ -1151,9 +1151,9 @@ ij_kotlin_method_call_chain_wrap = off
 ij_kotlin_method_parameters_new_line_after_left_paren = false
 ij_kotlin_method_parameters_right_paren_on_new_line = false
 ij_kotlin_method_parameters_wrap = off
-ij_kotlin_name_count_to_use_star_import = 5
-ij_kotlin_name_count_to_use_star_import_for_members = 3
-ij_kotlin_packages_to_use_import_on_demand = java.util.*,kotlinx.android.synthetic.**,io.ktor.**
+ij_kotlin_name_count_to_use_star_import = 999
+ij_kotlin_name_count_to_use_star_import_for_members = 999
+ij_kotlin_packages_to_use_import_on_demand =
 ij_kotlin_parameter_annotation_wrap = off
 ij_kotlin_space_after_comma = true
 ij_kotlin_space_after_extend_colon = true

.github/workflows/test.yml

@@ -5,14 +5,19 @@ on: [push]
 jobs:
   build:
     runs-on: ubuntu-latest
+    container: ubuntu:22.04
 
     steps:
-      - uses: actions/checkout@v2
-      - name: Set up JDK 11
-        uses: actions/setup-java@3bc31aaf88e8fc94dc1e632d48af61be5ca8721c
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+      - name: Set up JDK 17
+        uses: actions/setup-java@de1bb2b0c5634f0fc4438d7aa9944e68f9bf86cc # v3.6.0
         with:
           distribution: 'temurin'
           java-version: 17
           cache: 'maven'
+        env:
+          # work around an issue with actions/runner setting an incorrect HOME in containers, which breaks maven caching
+          # https://github.com/actions/setup-java/issues/356
+          HOME: /root
       - name: Build with Maven
-        run: mvn -e -B verify
+        run: ./mvnw -e -B verify

.gitignore

@@ -16,6 +16,7 @@ config/deploy.properties
 /service/config/testing.yml
 /service/config/deploy.properties
 /service/dependency-reduced-pom.xml
+.java-version
 .opsmanage
 put.sh
 deployer-staging.properties
@@ -25,4 +26,3 @@ deployer.log
 !/service/src/main/resources/org/signal/badges/Badges_en.properties
 /service/src/main/resources/org/signal/subscriptions/Subscriptions_*.properties
 !/service/src/main/resources/org/signal/subscriptions/Subscriptions_en.properties
-/.tx/config

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar

README.md

@@ -13,7 +13,7 @@ Cryptography Notice
 
 This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software.
 BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.
-See <http://www.wassenaar.org/> for more information.
+See <https://www.wassenaar.org/> for more information.
 
 The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms.
 The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
@@ -21,6 +21,6 @@ The form and manner of this distribution makes it eligible for export under the
 License
 ---------------------
 
-Copyright 2013-2021 Signal Messenger, LLC
+Copyright 2013-2022 Signal Messenger, LLC
 
 Licensed under the AGPLv3: https://www.gnu.org/licenses/agpl-3.0.html

event-logger/pom.xml

@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2022 Signal Messenger, LLC
+  ~ SPDX-License-Identifier: AGPL-3.0-only
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <artifactId>TextSecureServer</artifactId>
+    <groupId>org.whispersystems.textsecure</groupId>
+    <version>JGITVER</version>
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>event-logger</artifactId>
+
+  <dependencies>
+    <dependency>
+      <groupId>com.google.cloud</groupId>
+      <artifactId>google-cloud-logging</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.jetbrains.kotlin</groupId>
+      <artifactId>kotlin-stdlib</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.jetbrains</groupId>
+          <!--
+              depends on an outdated version (13.0) for JDK 6 compatibility, but it’s safe to override
+              https://youtrack.jetbrains.com/issue/KT-25047
+          -->
+          <artifactId>annotations</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>org.jetbrains.kotlinx</groupId>
+      <artifactId>kotlinx-serialization-json</artifactId>
+      <version>${kotlinx-serialization.version}</version>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <sourceDirectory>${project.basedir}/src/main/kotlin</sourceDirectory>
+    <testSourceDirectory>${project.basedir}/src/test/kotlin</testSourceDirectory>
+
+    <plugins>
+      <plugin>
+        <groupId>org.jetbrains.kotlin</groupId>
+        <artifactId>kotlin-maven-plugin</artifactId>
+        <version>${kotlin.version}</version>
+
+        <executions>
+          <execution>
+            <id>compile</id>
+            <goals>
+              <goal>compile</goal>
+            </goals>
+          </execution>
+
+          <execution>
+            <id>test-compile</id>
+            <goals>
+              <goal>test-compile</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <compilerPlugins>
+            <plugin>kotlinx-serialization</plugin>
+          </compilerPlugins>
+        </configuration>
+        <dependencies>
+          <dependency>
+            <groupId>org.jetbrains.kotlin</groupId>
+            <artifactId>kotlin-maven-serialization</artifactId>
+            <version>${kotlin.version}</version>
+          </dependency>
+        </dependencies>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>

event-logger/src/main/kotlin/events.kt

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.signal.event
+
+import java.util.Collections
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.modules.SerializersModule
+import kotlinx.serialization.modules.polymorphic
+import kotlinx.serialization.modules.subclass
+
+val module = SerializersModule {
+    polymorphic(Event::class) {
+        subclass(RemoteConfigSetEvent::class)
+        subclass(RemoteConfigDeleteEvent::class)
+    }
+}
+val jsonFormat = Json { serializersModule = module }
+
+sealed interface Event
+
+@Serializable
+data class RemoteConfigSetEvent(
+        val token: String,
+        val name: String,
+        val percentage: Int,
+        val defaultValue: String? = null,
+        val value: String? = null,
+        val hashKey: String? = null,
+        val uuids: Collection<String> = Collections.emptyList(),
+) : Event
+
+@Serializable
+data class RemoteConfigDeleteEvent(
+        val token: String,
+        val name: String,
+) : Event

event-logger/src/main/kotlin/loggers.kt

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.signal.event
+
+import com.google.cloud.logging.LogEntry
+import com.google.cloud.logging.Logging
+import com.google.cloud.logging.MonitoredResourceUtil
+import com.google.cloud.logging.Payload.JsonPayload
+import com.google.cloud.logging.Severity
+import com.google.protobuf.Struct
+import com.google.protobuf.util.JsonFormat
+import kotlinx.serialization.encodeToString
+
+interface AdminEventLogger {
+    fun logEvent(event: Event, labels: Map<String, String>?)
+    fun logEvent(event: Event) = logEvent(event, null)
+}
+
+class NoOpAdminEventLogger : AdminEventLogger {
+    override fun logEvent(event: Event, labels: Map<String, String>?) {}
+}
+
+class GoogleCloudAdminEventLogger(private val logging: Logging, private val projectId: String, private val logName: String) : AdminEventLogger {
+    override fun logEvent(event: Event, labels: Map<String, String>?) {
+        val structBuilder = Struct.newBuilder()
+        JsonFormat.parser().merge(jsonFormat.encodeToString(event), structBuilder)
+        val struct = structBuilder.build()
+
+        val logEntryBuilder = LogEntry.newBuilder(JsonPayload.of(struct))
+                .setLogName(logName)
+                .setSeverity(Severity.NOTICE)
+                .setResource(MonitoredResourceUtil.getResource(projectId, "project"));
+        if (labels != null) {
+            logEntryBuilder.setLabels(labels);
+        }
+        logging.write(listOf(logEntryBuilder.build()))
+    }
+}

event-logger/src/test/kotlin/org/signal/event/GoogleCloudAdminEventLoggerTest.kt

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2023 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.signal.event
+
+import com.google.cloud.logging.Logging
+import org.junit.jupiter.api.Test
+import org.mockito.Mockito.mock
+
+class GoogleCloudAdminEventLoggerTest {
+
+    @Test
+    fun logEvent() {
+        val logging = mock(Logging::class.java)
+        val logger = GoogleCloudAdminEventLogger(logging, "my-project", "test")
+
+        val event = RemoteConfigDeleteEvent("token", "test")
+        logger.logEvent(event)
+    }
+}

gcm-sender-async/pom.xml

@@ -1,52 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <parent>
-    <artifactId>TextSecureServer</artifactId>
-    <groupId>org.whispersystems.textsecure</groupId>
-    <version>JGITVER</version>
-  </parent>
-  <modelVersion>4.0.0</modelVersion>
-  <artifactId>gcm-sender-async</artifactId>
-
-  <dependencies>
-    <dependency>
-      <groupId>io.github.resilience4j</groupId>
-      <artifactId>resilience4j-retry</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.fasterxml.jackson.core</groupId>
-      <artifactId>jackson-core</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.fasterxml.jackson.core</groupId>
-      <artifactId>jackson-annotations</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.fasterxml.jackson.core</groupId>
-      <artifactId>jackson-databind</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.google.guava</groupId>
-      <artifactId>guava</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.httpcomponents</groupId>
-      <artifactId>httpclient</artifactId>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-nop</artifactId>
-      <scope>test</scope>
-    </dependency>
-  </dependencies>
-
-</project>
-

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/AuthenticationFailedException.java

@@ -1,9 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-
-public class AuthenticationFailedException extends Exception {
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/InvalidRequestException.java

@@ -1,9 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-
-public class InvalidRequestException extends Exception {
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/Message.java

@@ -1,144 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import org.whispersystems.gcm.server.internal.GcmRequestEntity;
-
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-public class Message {
-
-  private static final ObjectMapper objectMapper = new ObjectMapper();
-
-  private final String              collapseKey;
-  private final Long                ttl;
-  private final Boolean             delayWhileIdle;
-  private final Map<String, String> data;
-  private final List<String>        registrationIds;
-  private final String              priority;
-
-  private Message(String collapseKey, Long ttl, Boolean delayWhileIdle,
-                  Map<String, String> data, List<String> registrationIds,
-                  String priority)
-  {
-    this.collapseKey     = collapseKey;
-    this.ttl             = ttl;
-    this.delayWhileIdle  = delayWhileIdle;
-    this.data            = data;
-    this.registrationIds = registrationIds;
-    this.priority        = priority;
-  }
-
-  public String serialize() throws JsonProcessingException {
-    GcmRequestEntity requestEntity = new GcmRequestEntity(collapseKey, ttl, delayWhileIdle,
-                                                          data, registrationIds, priority);
-
-    return objectMapper.writeValueAsString(requestEntity);
-  }
-
-  /**
-   * Construct a new Message using a Builder.
-   * @return A new Builder.
-   */
-  public static Builder newBuilder() {
-    return new Builder();
-  }
-
-  public static class Builder {
-
-    private String              collapseKey     = null;
-    private Long                ttl             = null;
-    private Boolean             delayWhileIdle  = null;
-    private Map<String, String> data            = null;
-    private List<String>        registrationIds = new LinkedList<>();
-    private String              priority        = null;
-
-    private Builder() {}
-
-    /**
-     * @param collapseKey The GCM collapse key to use (optional).
-     * @return The Builder.
-     */
-    public Builder withCollapseKey(String collapseKey) {
-      this.collapseKey = collapseKey;
-      return this;
-    }
-
-    /**
-     * @param seconds The TTL (in seconds) for this message (optional).
-     * @return The Builder.
-     */
-    public Builder withTtl(long seconds) {
-      this.ttl = seconds;
-      return this;
-    }
-
-    /**
-     * @param delayWhileIdle Set GCM delay_while_idle (optional).
-     * @return The Builder.
-     */
-    public Builder withDelayWhileIdle(boolean delayWhileIdle) {
-      this.delayWhileIdle = delayWhileIdle;
-      return this;
-    }
-
-    /**
-     * Set a key in the GCM JSON payload delivered to the application (optional).
-     * @param key The key to set.
-     * @param value The value to set.
-     * @return The Builder.
-     */
-    public Builder withDataPart(String key, String value) {
-      if (data == null) {
-        data = new HashMap<>();
-      }
-      data.put(key, value);
-      return this;
-    }
-
-    /**
-     * Set the destination GCM registration ID (mandatory).
-     * @param registrationId The destination GCM registration ID.
-     * @return The Builder.
-     */
-    public Builder withDestination(String registrationId) {
-      this.registrationIds.clear();
-      this.registrationIds.add(registrationId);
-      return this;
-    }
-
-    /**
-     * Set the GCM message priority (optional).
-     *
-     * @param priority Valid values are "normal" and "high."
-     *                 On iOS, these correspond to APNs priority 5 and 10.
-     * @return The Builder.
-     */
-    public Builder withPriority(String priority) {
-      this.priority = priority;
-      return this;
-    }
-
-    /**
-     * Construct a message object.
-     *
-     * @return An immutable message object, as configured by this builder.
-     */
-    public Message build() {
-      if (registrationIds.isEmpty()) {
-        throw new IllegalArgumentException("You must specify a destination!");
-      }
-
-      return new Message(collapseKey, ttl, delayWhileIdle, data, registrationIds, priority);
-    }
-  }
-
-
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/Result.java

@@ -1,80 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-/**
- * The result of a GCM send operation.
- */
-public class Result {
-
-  private final String canonicalRegistrationId;
-  private final String messageId;
-  private final String error;
-
-  Result(String canonicalRegistrationId, String messageId, String error) {
-    this.canonicalRegistrationId = canonicalRegistrationId;
-    this.messageId               = messageId;
-    this.error                   = error;
-  }
-
-  /**
-   * Returns the "canonical" GCM registration ID for this destination.
-   * See GCM documentation for details.
-   * @return The canonical GCM registration ID.
-   */
-  public String getCanonicalRegistrationId() {
-    return canonicalRegistrationId;
-  }
-
-  /**
-   * @return If a "canonical" GCM registration ID is present in the response.
-   */
-  public boolean hasCanonicalRegistrationId() {
-    return canonicalRegistrationId != null && !canonicalRegistrationId.isEmpty();
-  }
-
-  /**
-   * @return The assigned GCM message ID, if successful.
-   */
-  public String getMessageId() {
-    return messageId;
-  }
-
-  /**
-   * @return The raw error string, if present.
-   */
-  public String getError() {
-    return error;
-  }
-
-  /**
-   * @return If the send was a success.
-   */
-  public boolean isSuccess() {
-    return messageId != null && !messageId.isEmpty() && (error == null || error.isEmpty());
-  }
-
-  /**
-   * @return If the destination GCM registration ID is no longer registered.
-   */
-  public boolean isUnregistered() {
-    return "NotRegistered".equals(error);
-  }
-
-  /**
-   * @return If messages to this device are being throttled.
-   */
-  public boolean isThrottled() {
-    return "DeviceMessageRateExceeded".equals(error);
-  }
-
-  /**
-   * @return If the destination GCM registration ID is invalid.
-   */
-  public boolean isInvalidRegistrationId() {
-    return "InvalidRegistration".equals(error);
-  }
-
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/Sender.java

@@ -1,154 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.annotations.VisibleForTesting;
-import io.github.resilience4j.retry.IntervalFunction;
-import io.github.resilience4j.retry.Retry;
-import io.github.resilience4j.retry.RetryConfig;
-import org.whispersystems.gcm.server.internal.GcmResponseEntity;
-import org.whispersystems.gcm.server.internal.GcmResponseListEntity;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.http.HttpClient;
-import java.net.http.HttpRequest;
-import java.net.http.HttpResponse.BodyHandlers;
-import java.security.SecureRandom;
-import java.time.Duration;
-import java.util.List;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.CompletionException;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeoutException;
-
-/**
- * The main interface to sending GCM messages.  Thread safe.
- *
- * @author Moxie Marlinspike
- */
-public class Sender {
-
-  private static final String PRODUCTION_URL = "https://fcm.googleapis.com/fcm/send";
-
-  private final String                   authorizationHeader;
-  private final URI                      uri;
-  private final Retry                    retry;
-  private final ObjectMapper             mapper;
-  private final ScheduledExecutorService executorService;
-
-  private final HttpClient[] clients = new HttpClient[10];
-  private final SecureRandom random  = new SecureRandom();
-
-  /**
-   * Construct a Sender instance.
-   *
-   * @param apiKey Your application's GCM API key.
-   */
-  public Sender(String apiKey, ObjectMapper mapper) {
-    this(apiKey, mapper, 10);
-  }
-
-  /**
-   * Construct a Sender instance with a specified retry count.
-   *
-   * @param apiKey Your application's GCM API key.
-   * @param retryCount The number of retries to attempt on a network error or 500 response.
-   */
-  public Sender(String apiKey, ObjectMapper mapper, int retryCount) {
-    this(apiKey, mapper, retryCount, PRODUCTION_URL);
-  }
-
-  @VisibleForTesting
-  public Sender(String apiKey, ObjectMapper mapper, int retryCount, String url) {
-    this.mapper              = mapper;
-    this.executorService     = Executors.newSingleThreadScheduledExecutor();
-    this.uri                 = URI.create(url);
-    this.authorizationHeader = String.format("key=%s", apiKey);
-    this.retry               = Retry.of("fcm-sender", RetryConfig.custom()
-                                                                       .maxAttempts(retryCount)
-                                                                       .intervalFunction(IntervalFunction.ofExponentialRandomBackoff(Duration.ofMillis(100), 2.0))
-                                                                       .retryOnException(this::isRetryableException)
-                                                                       .build());
-
-    for (int i=0;i<clients.length;i++) {
-      this.clients[i] = HttpClient.newBuilder()
-                                  .version(HttpClient.Version.HTTP_2)
-                                  .connectTimeout(Duration.ofSeconds(10))
-                                  .build();
-    }
-  }
-
-  private boolean isRetryableException(Throwable throwable) {
-    while (throwable instanceof  CompletionException) {
-      throwable = throwable.getCause();
-    }
-
-    return throwable instanceof ServerFailedException ||
-           throwable instanceof  TimeoutException     ||
-           throwable instanceof  IOException;
-  }
-
-  /**
-   * Asynchronously send a message.
-   *
-   * @param message The message to send.
-   * @return A future.
-   */
-  public CompletableFuture<Result> send(Message message) {
-    try {
-      HttpRequest request = HttpRequest.newBuilder()
-                                       .uri(uri)
-                                       .header("Authorization", authorizationHeader)
-                                       .header("Content-Type", "application/json")
-                                       .POST(HttpRequest.BodyPublishers.ofString(message.serialize()))
-                                       .timeout(Duration.ofSeconds(10))
-                                       .build();
-
-      return retry.executeCompletionStage(executorService,
-                                          () -> getClient().sendAsync(request, BodyHandlers.ofByteArray())
-                                                      .thenApply(response -> {
-                                                        switch (response.statusCode()) {
-                                                          case 400: throw new CompletionException(new InvalidRequestException());
-                                                          case 401: throw new CompletionException(new AuthenticationFailedException());
-                                                          case 204:
-                                                          case 200: return response.body();
-                                                          default:  throw new CompletionException(new ServerFailedException("Bad status: " + response.statusCode()));
-                                                        }
-                                                      })
-                                                      .thenApply(responseBytes -> {
-                                                        try {
-                                                          List<GcmResponseEntity> responseList = mapper.readValue(responseBytes, GcmResponseListEntity.class).getResults();
-
-                                                          if (responseList == null || responseList.size() == 0) {
-                                                            throw new CompletionException(new IOException("Empty response list!"));
-                                                          }
-
-                                                          GcmResponseEntity responseEntity = responseList.get(0);
-
-                                                          return new Result(responseEntity.getCanonicalRegistrationId(),
-                                                                            responseEntity.getMessageId(),
-                                                                            responseEntity.getError());
-                                                        } catch (IOException e) {
-                                                          throw new CompletionException(e);
-                                                        }
-                                                      })).toCompletableFuture();
-    } catch (JsonProcessingException e) {
-      return CompletableFuture.failedFuture(e);
-    }
-  }
-
-  public Retry getRetry() {
-    return retry;
-  }
-
-  private HttpClient getClient() {
-    return clients[random.nextInt(clients.length)];
-  }
-
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/ServerFailedException.java

@@ -1,15 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-public class ServerFailedException extends Exception {
-  public ServerFailedException(String message) {
-    super(message);
-  }
-
-  public ServerFailedException(Exception e) {
-    super(e);
-  }
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/internal/GcmRequestEntity.java

@@ -1,46 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server.internal;
-
-
-import com.fasterxml.jackson.annotation.JsonInclude;
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import java.util.List;
-import java.util.Map;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-public class GcmRequestEntity {
-
-  @JsonProperty(value = "collapse_key")
-  private String collapseKey;
-
-  @JsonProperty(value = "time_to_live")
-  private Long ttl;
-
-  @JsonProperty(value = "delay_while_idle")
-  private Boolean delayWhileIdle;
-
-  @JsonProperty(value = "data")
-  private Map<String, String> data;
-
-  @JsonProperty(value = "registration_ids")
-  private List<String> registrationIds;
-
-  @JsonProperty
-  private String priority;
-
-  public GcmRequestEntity(String collapseKey, Long ttl, Boolean delayWhileIdle,
-                          Map<String, String> data, List<String> registrationIds,
-                          String priority)
-  {
-    this.collapseKey     = collapseKey;
-    this.ttl             = ttl;
-    this.delayWhileIdle  = delayWhileIdle;
-    this.data            = data;
-    this.registrationIds = registrationIds;
-    this.priority        = priority;
-  }
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/internal/GcmResponseEntity.java

@@ -1,31 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server.internal;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-public class GcmResponseEntity {
-
-  @JsonProperty(value = "message_id")
-  private String messageId;
-
-  @JsonProperty(value = "registration_id")
-  private String canonicalRegistrationId;
-
-  @JsonProperty
-  private String error;
-
-  public String getMessageId() {
-    return messageId;
-  }
-
-  public String getCanonicalRegistrationId() {
-    return canonicalRegistrationId;
-  }
-
-  public String getError() {
-    return error;
-  }
-}

gcm-sender-async/src/main/java/org/whispersystems/gcm/server/internal/GcmResponseListEntity.java

@@ -1,19 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server.internal;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import java.util.List;
-
-public class GcmResponseListEntity {
-
-  @JsonProperty
-  private List<GcmResponseEntity> results;
-
-  public List<GcmResponseEntity> getResults() {
-    return results;
-  }
-}

gcm-sender-async/src/test/java/org/whispersystems/gcm/server/MessageTest.java

@@ -1,49 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-import org.junit.Test;
-
-import java.io.IOException;
-
-import static org.junit.Assert.assertEquals;
-import static org.whispersystems.gcm.server.util.JsonHelpers.jsonFixture;
-
-public class MessageTest {
-
-  @Test
-  public void testMinimal() throws IOException {
-    Message message = Message.newBuilder()
-                             .withDestination("1")
-                             .build();
-
-    assertEquals(message.serialize(), jsonFixture("fixtures/message-minimal.json"));
-  }
-
-  @Test
-  public void testComplete() throws IOException {
-    Message message = Message.newBuilder()
-                             .withDestination("1")
-                             .withCollapseKey("collapse")
-                             .withDelayWhileIdle(true)
-                             .withTtl(10)
-                             .withPriority("high")
-                             .build();
-
-    assertEquals(message.serialize(), jsonFixture("fixtures/message-complete.json"));
-  }
-
-  @Test
-  public void testWithData() throws IOException {
-    Message message = Message.newBuilder()
-                             .withDestination("2")
-                             .withDataPart("key1", "value1")
-                             .withDataPart("key2", "value2")
-                             .build();
-
-    assertEquals(message.serialize(), jsonFixture("fixtures/message-data.json"));
-  }
-
-}

gcm-sender-async/src/test/java/org/whispersystems/gcm/server/SenderTest.java

@@ -1,200 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
-import static com.github.tomakehurst.wiremock.client.WireMock.any;
-import static com.github.tomakehurst.wiremock.client.WireMock.anyRequestedFor;
-import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
-import static com.github.tomakehurst.wiremock.client.WireMock.equalTo;
-import static com.github.tomakehurst.wiremock.client.WireMock.ok;
-import static com.github.tomakehurst.wiremock.client.WireMock.postRequestedFor;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
-import static com.github.tomakehurst.wiremock.client.WireMock.verify;
-import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-import static org.whispersystems.gcm.server.util.FixtureHelpers.fixture;
-import static org.whispersystems.gcm.server.util.JsonHelpers.jsonFixture;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.PropertyAccessor;
-import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.github.tomakehurst.wiremock.client.CountMatchingStrategy;
-import com.github.tomakehurst.wiremock.junit.WireMockRule;
-import java.io.IOException;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.TimeoutException;
-import org.junit.Rule;
-import org.junit.Test;
-
-public class SenderTest {
-
-  @Rule
-  public WireMockRule wireMock = new WireMockRule(options().dynamicPort().dynamicHttpsPort());
-
-  private static final ObjectMapper mapper = new ObjectMapper();
-
-  static {
-    mapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.NONE);
-    mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
-    mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-  }
-
-  @Test
-  public void testSuccess() throws InterruptedException, ExecutionException, TimeoutException, IOException {
-    wireMock.stubFor(any(anyUrl())
-        .willReturn(aResponse()
-            .withStatus(200)
-            .withBody(fixture("fixtures/response-success.json"))));
-
-
-    Sender                    sender = new Sender("foobarbaz", mapper, 10, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    Result result = future.get(10, TimeUnit.SECONDS);
-
-    assertTrue(result.isSuccess());
-    assertFalse(result.isThrottled());
-    assertFalse(result.isUnregistered());
-    assertEquals(result.getMessageId(), "1:08");
-    assertNull(result.getError());
-    assertNull(result.getCanonicalRegistrationId());
-
-    verify(1, postRequestedFor(urlEqualTo("/gcm/send"))
-        .withHeader("Authorization", equalTo("key=foobarbaz"))
-        .withHeader("Content-Type", equalTo("application/json"))
-        .withRequestBody(equalTo(jsonFixture("fixtures/message-minimal.json"))));
-  }
-
-  @Test
-  public void testBadApiKey() throws InterruptedException, TimeoutException {
-    wireMock.stubFor(any(anyUrl())
-        .willReturn(aResponse()
-            .withStatus(401)));
-
-    Sender                    sender = new Sender("foobar", mapper, 10, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    try {
-      future.get(10, TimeUnit.SECONDS);
-      throw new AssertionError();
-    } catch (ExecutionException ee) {
-      assertTrue(ee.getCause() instanceof AuthenticationFailedException);
-    }
-
-    verify(1, anyRequestedFor(anyUrl()));
-  }
-
-  @Test
-  public void testBadRequest() throws TimeoutException, InterruptedException {
-    wireMock.stubFor(any(anyUrl())
-        .willReturn(aResponse()
-            .withStatus(400)));
-
-    Sender                    sender = new Sender("foobarbaz", mapper, 10, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    try {
-      future.get(10, TimeUnit.SECONDS);
-      throw new AssertionError();
-    } catch (ExecutionException e) {
-      assertTrue(e.getCause() instanceof InvalidRequestException);
-    }
-
-    verify(1, anyRequestedFor(anyUrl()));
-  }
-
-  @Test
-  public void testServerError() throws TimeoutException, InterruptedException {
-    wireMock.stubFor(any(anyUrl())
-        .willReturn(aResponse()
-            .withStatus(503)));
-
-    Sender                    sender = new Sender("foobarbaz", mapper, 3, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    try {
-      future.get(10, TimeUnit.SECONDS);
-      throw new AssertionError();
-    } catch (ExecutionException ee) {
-      assertTrue(ee.getCause() instanceof ServerFailedException);
-    }
-
-    verify(3, anyRequestedFor(anyUrl()));
-  }
-
-  @Test
-  public void testServerErrorRecovery() throws InterruptedException, ExecutionException, TimeoutException {
-
-    wireMock.stubFor(any(anyUrl()).willReturn(aResponse().withStatus(503)));
-
-    Sender                    sender = new Sender("foobarbaz", mapper, 4, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    // up to three failures can happen, with 100ms exponential backoff
-    // if we end up using the fourth, and finaly try, it would be after ~700 ms
-    CompletableFuture.delayedExecutor(300, TimeUnit.MILLISECONDS).execute(() ->
-        wireMock.stubFor(any(anyUrl())
-            .willReturn(aResponse()
-                .withStatus(200)
-                .withBody(fixture("fixtures/response-success.json"))))
-    );
-
-    Result result = future.get(10, TimeUnit.SECONDS);
-
-    verify(new CountMatchingStrategy(CountMatchingStrategy.GREATER_THAN, 1), anyRequestedFor(anyUrl()));
-    assertTrue(result.isSuccess());
-    assertFalse(result.isThrottled());
-    assertFalse(result.isUnregistered());
-    assertEquals(result.getMessageId(), "1:08");
-    assertNull(result.getError());
-    assertNull(result.getCanonicalRegistrationId());
-  }
-
-  @Test
-  public void testNetworkError() throws TimeoutException, InterruptedException {
-
-    wireMock.stubFor(any(anyUrl())
-        .willReturn(ok()));
-
-    Sender sender = new Sender("foobarbaz", mapper ,2, "http://localhost:" + wireMock.port() + "/gcm/send");
-
-    wireMock.stop();
-
-    CompletableFuture<Result> future = sender.send(Message.newBuilder().withDestination("1").build());
-
-    try {
-      future.get(10, TimeUnit.SECONDS);
-    } catch (ExecutionException e) {
-      assertTrue(e.getCause() instanceof IOException);
-    }
-  }
-
-  @Test
-  public void testNotRegistered() throws InterruptedException, ExecutionException, TimeoutException {
-
-    wireMock.stubFor(any(anyUrl()).willReturn(aResponse().withStatus(200)
-        .withBody(fixture("fixtures/response-not-registered.json"))));
-
-    Sender                    sender = new Sender("foobarbaz", mapper,2, "http://localhost:" + wireMock.port() + "/gcm/send");
-    CompletableFuture<Result> future = sender.send(Message.newBuilder()
-                                                         .withDestination("2")
-                                                         .withDataPart("message", "new message!")
-                                                         .build());
-
-    Result result = future.get(10, TimeUnit.SECONDS);
-
-    assertFalse(result.isSuccess());
-    assertTrue(result.isUnregistered());
-    assertFalse(result.isThrottled());
-    assertEquals(result.getError(), "NotRegistered");
-  }
-}

gcm-sender-async/src/test/java/org/whispersystems/gcm/server/SimultaneousSenderTest.java

@@ -1,89 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server;
-
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
-import static com.github.tomakehurst.wiremock.client.WireMock.post;
-import static com.github.tomakehurst.wiremock.client.WireMock.stubFor;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlPathEqualTo;
-import static junit.framework.TestCase.assertTrue;
-import static org.whispersystems.gcm.server.util.FixtureHelpers.fixture;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect;
-import com.fasterxml.jackson.annotation.PropertyAccessor;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
-import com.github.tomakehurst.wiremock.junit.WireMockRule;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.TimeoutException;
-import org.junit.Ignore;
-import org.junit.Rule;
-import org.junit.Test;
-
-public class SimultaneousSenderTest {
-
-  @Rule
-  public WireMockRule wireMock = new WireMockRule(WireMockConfiguration.options().dynamicPort().dynamicHttpsPort());
-
-  private static final ObjectMapper mapper = new ObjectMapper();
-
-  static {
-    mapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.NONE);
-    mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
-    mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-  }
-
-  @Test
-  public void testSimultaneousSuccess() throws TimeoutException, InterruptedException, ExecutionException, JsonProcessingException {
-    stubFor(post(urlPathEqualTo("/gcm/send"))
-                .willReturn(aResponse()
-                                .withStatus(200)
-                                .withBody(fixture("fixtures/response-success.json"))));
-
-    Sender                          sender  = new Sender("foobarbaz", mapper, 2, "http://localhost:" + wireMock.port() + "/gcm/send");
-    List<CompletableFuture<Result>> results = new LinkedList<>();
-
-    for (int i=0;i<1000;i++) {
-      results.add(sender.send(Message.newBuilder().withDestination("1").build()));
-    }
-
-    for (CompletableFuture<Result> future : results) {
-      Result result = future.get(60, TimeUnit.SECONDS);
-
-      if (!result.isSuccess()) {
-        throw new AssertionError(result.getError());
-      }
-    }
-  }
-
-  @Test
-  @Ignore
-  public void testSimultaneousFailure() throws TimeoutException, InterruptedException {
-    stubFor(post(urlPathEqualTo("/gcm/send"))
-                .willReturn(aResponse()
-                                .withStatus(503)));
-
-    Sender                         sender   = new Sender("foobarbaz", mapper, 2, "http://localhost:" + wireMock.port() + "/gcm/send");
-    List<CompletableFuture<Result>> futures = new LinkedList<>();
-
-    for (int i=0;i<1000;i++) {
-      futures.add(sender.send(Message.newBuilder().withDestination("1").build()));
-    }
-
-    for (CompletableFuture<Result> future : futures) {
-      try {
-        Result result = future.get(60, TimeUnit.SECONDS);
-      } catch (ExecutionException e) {
-        assertTrue(e.getCause().toString(), e.getCause() instanceof ServerFailedException);
-      }
-    }
-  }
-}

gcm-sender-async/src/test/java/org/whispersystems/gcm/server/util/FixtureHelpers.java

@@ -1,47 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server.util;
-
-import com.google.common.base.Charsets;
-import com.google.common.io.Resources;
-
-import java.io.IOException;
-import java.nio.charset.Charset;
-
-/**
- * A set of helper method for fixture files.
- */
-public class FixtureHelpers {
-  private FixtureHelpers() { /* singleton */ }
-
-  /**
-   * Reads the given fixture file from the classpath (e. g. {@code src/test/resources})
-   * and returns its contents as a UTF-8 string.
-   *
-   * @param filename the filename of the fixture file
-   * @return the contents of {@code src/test/resources/{filename}}
-   * @throws IllegalArgumentException if an I/O error occurs.
-   */
-  public static String fixture(String filename) {
-    return fixture(filename, Charsets.UTF_8);
-  }
-
-  /**
-   * Reads the given fixture file from the classpath (e. g. {@code src/test/resources})
-   * and returns its contents as a string.
-   *
-   * @param filename the filename of the fixture file
-   * @param charset  the character set of {@code filename}
-   * @return the contents of {@code src/test/resources/{filename}}
-   * @throws IllegalArgumentException if an I/O error occurs.
-   */
-  private static String fixture(String filename, Charset charset) {
-    try {
-      return Resources.toString(Resources.getResource(filename), charset).trim();
-    } catch (IOException e) {
-      throw new IllegalArgumentException(e);
-    }
-  }
-}

gcm-sender-async/src/test/java/org/whispersystems/gcm/server/util/JsonHelpers.java

@@ -1,30 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.gcm.server.util;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-import java.io.IOException;
-
-import static org.whispersystems.gcm.server.util.FixtureHelpers.fixture;
-
-public class JsonHelpers {
-
-  private static final ObjectMapper objectMapper = new ObjectMapper();
-
-  public static String asJson(Object object) throws JsonProcessingException {
-    return objectMapper.writeValueAsString(object);
-  }
-
-  public static <T> T fromJson(String value, Class<T> clazz) throws IOException {
-    return objectMapper.readValue(value, clazz);
-  }
-
-  public static String jsonFixture(String filename) throws IOException {
-    return objectMapper.writeValueAsString(objectMapper.readValue(fixture(filename), JsonNode.class));
-  }
-}

gcm-sender-async/src/test/resources/fixtures/message-complete.json

@@ -1,7 +0,0 @@
-{
-  "priority" : "high",
-  "collapse_key" : "collapse",
-  "time_to_live" : 10,
-  "delay_while_idle" : true,
-  "registration_ids" : ["1"]
-}

gcm-sender-async/src/test/resources/fixtures/message-data.json

@@ -1,7 +0,0 @@
-{
-  "data" : {
-    "key1" : "value1",
-    "key2" : "value2"
-  },
-  "registration_ids" : ["2"]
-}

gcm-sender-async/src/test/resources/fixtures/message-minimal.json

@@ -1,3 +0,0 @@
-{
-  "registration_ids" : ["1"]
-}

gcm-sender-async/src/test/resources/fixtures/response-not-registered.json

@@ -1,8 +0,0 @@
-{ "multicast_id": 216,
-  "success": 0,
-  "failure": 1,
-  "canonical_ids": 0,
-  "results": [
-    { "error": "NotRegistered"}
-  ]
-}

gcm-sender-async/src/test/resources/fixtures/response-success.json

@@ -1,8 +0,0 @@
-{ "multicast_id": 108,
-  "success": 1,
-  "failure": 0,
-  "canonical_ids": 0,
-  "results": [
-    { "message_id": "1:08" }
-  ]
-}

gcm-sender-async/src/test/resources/logback-test.xml

@@ -1,8 +0,0 @@
-<configuration>
-  <!-- Turning down the wiremock logging -->
-  <logger name="com.github.tomakehurst.wiremock" level="WARN"/>
-  <logger name="wiremock.org" level="ERROR"/>
-  <logger name="WireMock" level="WARN"/>
-  <!-- wiremock has per endpoint servlet logging -->
-  <logger name="/" level="WARN"/>
-</configuration>

mvnw

@@ -0,0 +1,316 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+#   JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+#   M2_HOME - location of maven2's installed home dir
+#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
+#     e.g. to debug Maven itself, use
+#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+  if [ -f /usr/local/etc/mavenrc ] ; then
+    . /usr/local/etc/mavenrc
+  fi
+
+  if [ -f /etc/mavenrc ] ; then
+    . /etc/mavenrc
+  fi
+
+  if [ -f "$HOME/.mavenrc" ] ; then
+    . "$HOME/.mavenrc"
+  fi
+
+fi
+
+# OS specific support.  $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+  CYGWIN*) cygwin=true ;;
+  MINGW*) mingw=true;;
+  Darwin*) darwin=true
+    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+    if [ -z "$JAVA_HOME" ]; then
+      if [ -x "/usr/libexec/java_home" ]; then
+        export JAVA_HOME="`/usr/libexec/java_home`"
+      else
+        export JAVA_HOME="/Library/Java/Home"
+      fi
+    fi
+    ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=`java-config --jre-home`
+  fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+  ## resolve links - $0 may be a link to maven's home
+  PRG="$0"
+
+  # need this for relative symlinks
+  while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+      PRG="$link"
+    else
+      PRG="`dirname "$PRG"`/$link"
+    fi
+  done
+
+  saveddir=`pwd`
+
+  M2_HOME=`dirname "$PRG"`/..
+
+  # make it fully qualified
+  M2_HOME=`cd "$M2_HOME" && pwd`
+
+  cd "$saveddir"
+  # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --unix "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Mingw, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME="`(cd "$M2_HOME"; pwd)`"
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="`which javac`"
+  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=`which readlink`
+    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+      if $darwin ; then
+        javaHome="`dirname \"$javaExecutable\"`"
+        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+      else
+        javaExecutable="`readlink -f \"$javaExecutable\"`"
+      fi
+      javaHome="`dirname \"$javaExecutable\"`"
+      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+      # IBM's JDK on AIX uses strange locations for the executables
+      JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+      JAVACMD="$JAVA_HOME/bin/java"
+    fi
+  else
+    JAVACMD="`\\unset -f command; \\command -v java`"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+
+  if [ -z "$1" ]
+  then
+    echo "Path not specified to find_maven_basedir"
+    return 1
+  fi
+
+  basedir="$1"
+  wdir="$1"
+  while [ "$wdir" != '/' ] ; do
+    if [ -d "$wdir"/.mvn ] ; then
+      basedir=$wdir
+      break
+    fi
+    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+    if [ -d "${wdir}" ]; then
+      wdir=`cd "$wdir/.."; pwd`
+    fi
+    # end of workaround
+  done
+  echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+  if [ -f "$1" ]; then
+    echo "$(tr -s '\n' ' ' < "$1")"
+  fi
+}
+
+BASE_DIR=`find_maven_basedir "$(pwd)"`
+if [ -z "$BASE_DIR" ]; then
+  exit 1;
+fi
+
+##########################################################################################
+# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+# This allows using the maven wrapper in projects that prohibit checking in binary data.
+##########################################################################################
+if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Found .mvn/wrapper/maven-wrapper.jar"
+    fi
+else
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
+    fi
+    if [ -n "$MVNW_REPOURL" ]; then
+      jarUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    else
+      jarUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    fi
+    while IFS="=" read key value; do
+      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
+      esac
+    done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Downloading from: $jarUrl"
+    fi
+    wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
+    if $cygwin; then
+      wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
+    fi
+
+    if command -v wget > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found wget ... using wget"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+        else
+            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+        fi
+    elif command -v curl > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found curl ... using curl"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            curl -o "$wrapperJarPath" "$jarUrl" -f
+        else
+            curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
+        fi
+
+    else
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Falling back to using Java to download"
+        fi
+        javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
+        # For Cygwin, switch paths to Windows format before running javac
+        if $cygwin; then
+          javaClass=`cygpath --path --windows "$javaClass"`
+        fi
+        if [ -e "$javaClass" ]; then
+            if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Compiling MavenWrapperDownloader.java ..."
+                fi
+                # Compiling the Java class
+                ("$JAVA_HOME/bin/javac" "$javaClass")
+            fi
+            if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                # Running the downloader
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Running MavenWrapperDownloader.java ..."
+                fi
+                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
+            fi
+        fi
+    fi
+fi
+##########################################################################################
+# End of extension
+##########################################################################################
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
+if [ "$MVNW_VERBOSE" = true ]; then
+  echo $MAVEN_PROJECTBASEDIR
+fi
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --path --windows "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+fi
+
+# Provide a "standardized" way to retrieve the CLI args that will
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+  $MAVEN_OPTS \
+  $MAVEN_DEBUG_OPTS \
+  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+  "-Dmaven.home=${M2_HOME}" \
+  "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"

mvnw.cmd

@@ -0,0 +1,188 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
+if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Found %WRAPPER_JAR%
+    )
+) else (
+    if not "%MVNW_REPOURL%" == "" (
+        SET DOWNLOAD_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    )
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Couldn't find %WRAPPER_JAR%, downloading it ...
+        echo Downloading from: %DOWNLOAD_URL%
+    )
+
+    powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
+		"}"
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Finished downloading %WRAPPER_JAR%
+    )
+)
+@REM End of extension
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% ^
+  %JVM_CONFIG_MAVEN_PROPS% ^
+  %MAVEN_OPTS% ^
+  %MAVEN_DEBUG_OPTS% ^
+  -classpath %WRAPPER_JAR% ^
+  "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
+  %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
+if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%"=="on" pause
+
+if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%
+
+cmd /C exit /B %ERROR_CODE%

pom.xml

@@ -35,39 +35,43 @@
   </pluginRepositories>
 
   <modules>
+    <module>event-logger</module>
     <module>redis-dispatch</module>
     <module>websocket-resources</module>
-    <module>gcm-sender-async</module>
     <module>service</module>
   </modules>
 
   <properties>
-    <aws.sdk.version>1.11.939</aws.sdk.version>
-    <aws.sdk2.version>2.16.66</aws.sdk2.version>
+    <aws.sdk.version>1.12.376</aws.sdk.version>
+    <aws.sdk2.version>2.19.8</aws.sdk2.version>
+    <braintree.version>3.19.0</braintree.version>
     <commons-codec.version>1.15</commons-codec.version>
-    <commons-csv.version>1.8</commons-csv.version>
+    <commons-csv.version>1.9.0</commons-csv.version>
     <commons-io.version>2.9.0</commons-io.version>
-    <dropwizard.version>2.0.25</dropwizard.version>
+    <dropwizard.version>2.0.34</dropwizard.version>
     <dropwizard-metrics-datadog.version>1.1.13</dropwizard-metrics-datadog.version>
-    <gson.version>2.8.8</gson.version>
-    <guava.version>30.1.1-jre</guava.version>
+    <google-cloud-libraries.version>26.1.3</google-cloud-libraries.version>
+    <grpc.version>1.51.1</grpc.version> <!-- this should be kept in sync with the value from Google’s libraries-bom -->
+    <gson.version>2.9.0</gson.version>
+    <jackson.version>2.13.4</jackson.version>
     <jaxb.version>2.3.1</jaxb.version>
     <jedis.version>2.9.0</jedis.version>
-    <lettuce.version>6.0.4.RELEASE</lettuce.version>
-    <libphonenumber.version>8.12.33</libphonenumber.version>
-    <logstash.logback.version>6.6</logstash.logback.version>
-    <micrometer.version>1.5.3</micrometer.version>
-    <mockito.version>4.0.0</mockito.version>
-    <netty.version>4.1.65.Final</netty.version>
-    <netty.tcnative-boringssl-static.version>2.0.39.Final</netty.tcnative-boringssl-static.version>
+    <kotlin.version>1.8.0</kotlin.version>
+    <kotlinx-serialization.version>1.4.1</kotlinx-serialization.version>
+    <lettuce.version>6.2.1.RELEASE</lettuce.version>
+    <libphonenumber.version>8.12.54</libphonenumber.version>
+    <logstash.logback.version>7.2</logstash.logback.version>
+    <micrometer.version>1.10.3</micrometer.version>
+    <mockito.version>4.11.0</mockito.version>
+    <netty.version>4.1.82.Final</netty.version>
     <opentest4j.version>1.2.0</opentest4j.version>
-    <postgresql.version>9.4-1201-jdbc41</postgresql.version>
-    <protobuf.version>3.17.1</protobuf.version>
-    <pushy.version>0.15.0</pushy.version>
-    <resilience4j.version>1.5.0</resilience4j.version>
+    <protobuf.version>3.21.7</protobuf.version>
+    <pushy.version>0.15.2</pushy.version>
+    <resilience4j.version>1.7.0</resilience4j.version>
     <semver4j.version>3.1.0</semver4j.version>
     <slf4j.version>1.7.30</slf4j.version>
-    <stripe.version>20.79.0</stripe.version>
+    <stripe.version>21.2.0</stripe.version>
+    <vavr.version>0.10.4</vavr.version>
 
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>
@@ -78,6 +82,13 @@
 
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>com.fasterxml.jackson</groupId>
+        <artifactId>jackson-bom</artifactId>
+        <version>${jackson.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
       <dependency>
         <groupId>io.dropwizard</groupId>
         <artifactId>dropwizard-dependencies</artifactId>
@@ -85,6 +96,13 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <!-- Needed for gRPC with Java 9+ -->
+      <dependency>
+        <groupId>org.apache.tomcat</groupId>
+        <artifactId>annotations-api</artifactId>
+        <version>6.0.53</version>
+        <scope>provided</scope>
+      </dependency>
       <dependency>
         <groupId>io.netty</groupId>
         <artifactId>netty-bom</artifactId>
@@ -109,7 +127,7 @@
       <dependency>
         <groupId>com.google.cloud</groupId>
         <artifactId>libraries-bom</artifactId>
-        <version>20.9.0</version>
+        <version>${google-cloud-libraries.version}</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -127,7 +145,20 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
-
+      <dependency>
+        <groupId>io.projectreactor</groupId>
+        <artifactId>reactor-bom</artifactId>
+        <version>2020.0.24</version> <!-- 3.4.x, see https://github.com/reactor/reactor#bom-versioning-scheme -->
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.jetbrains.kotlin</groupId>
+        <artifactId>kotlin-bom</artifactId>
+        <version>${kotlin.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
       <dependency>
         <groupId>com.eatthepath</groupId>
         <artifactId>pushy</artifactId>
@@ -138,11 +169,6 @@
         <artifactId>pushy-dropwizard-metrics-listener</artifactId>
         <version>${pushy.version}</version>
       </dependency>
-      <dependency>
-        <groupId>com.google.guava</groupId>
-        <artifactId>guava</artifactId>
-        <version>${guava.version}</version>
-      </dependency>
       <dependency>
         <groupId>com.google.protobuf</groupId>
         <artifactId>protobuf-java</artifactId>
@@ -174,10 +200,9 @@
         <version>${lettuce.version}</version>
       </dependency>
       <dependency>
-        <groupId>io.netty</groupId>
-        <artifactId>netty-tcnative-boringssl-static</artifactId>
-        <version>${netty.tcnative-boringssl-static.version}</version>
-        <scope>runtime</scope>
+        <groupId>io.vavr</groupId>
+        <artifactId>vavr</artifactId>
+        <version>${vavr.version}</version>
       </dependency>
       <dependency>
         <groupId>javax.xml.bind</groupId>
@@ -223,12 +248,6 @@
         <version>${opentest4j.version}</version>
         <scope>test</scope>
       </dependency>
-      <dependency>
-        <groupId>org.postgresql</groupId>
-        <artifactId>postgresql</artifactId>
-        <version>${postgresql.version}</version>
-        <scope>runtime</scope>
-      </dependency>
       <dependency>
         <groupId>org.slf4j</groupId>
         <artifactId>slf4j-api</artifactId>
@@ -261,6 +280,11 @@
         <artifactId>stripe-java</artifactId>
         <version>${stripe.version}</version>
       </dependency>
+      <dependency>
+        <groupId>com.braintreepayments.gateway</groupId>
+        <artifactId>braintree-java</artifactId>
+        <version>${braintree.version}</version>
+      </dependency>
       <dependency>
         <groupId>com.google.code.gson</groupId>
         <artifactId>gson</artifactId>
@@ -269,20 +293,18 @@
       <dependency>
         <groupId>org.signal</groupId>
         <artifactId>embedded-redis</artifactId>
-        <version>0.8.1</version>
+        <version>0.8.3</version>
         <scope>test</scope>
       </dependency>
       <dependency>
-        <groupId>io.zonky.test.postgres</groupId>
-        <artifactId>embedded-postgres-binaries-bom</artifactId>
-        <version>11.13.0</version>
-        <type>pom</type>
-        <scope>import</scope>
+        <groupId>org.signal</groupId>
+        <artifactId>libsignal-server</artifactId>
+        <version>0.21.1</version>
       </dependency>
       <dependency>
         <groupId>org.apache.logging.log4j</groupId>
         <artifactId>log4j-bom</artifactId>
-        <version>2.16.0</version>
+        <version>2.17.1</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -299,7 +321,7 @@
     <dependency>
       <groupId>com.github.tomakehurst</groupId>
       <artifactId>wiremock-jre8</artifactId>
-      <version>2.32.0</version>
+      <version>2.35.0</version>
       <scope>test</scope>
       <exclusions>
         <exclusion>
@@ -324,8 +346,14 @@
       <scope>test</scope>
     </dependency>
     <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
+      <groupId>org.junit.jupiter</groupId>
+      <artifactId>junit-jupiter-api</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.junit-pioneer</groupId>
+      <artifactId>junit-pioneer</artifactId>
+      <version>1.9.1</version>
       <scope>test</scope>
     </dependency>
 
@@ -369,13 +397,16 @@
         <artifactId>protobuf-maven-plugin</artifactId>
         <version>0.6.1</version>
         <configuration>
-          <protocArtifact>com.google.protobuf:protoc:3.18.0:exe:${os.detected.classifier}</protocArtifact>
-          <checkStaleness>true</checkStaleness>
+          <checkStaleness>false</checkStaleness>
+          <protocArtifact>com.google.protobuf:protoc:3.21.1:exe:${os.detected.classifier}</protocArtifact>
+          <pluginId>grpc-java</pluginId>
+          <pluginArtifact>io.grpc:protoc-gen-grpc-java:${grpc.version}:exe:${os.detected.classifier}</pluginArtifact>
         </configuration>
         <executions>
           <execution>
             <goals>
               <goal>compile</goal>
+              <goal>compile-custom</goal>
               <goal>test-compile</goal>
             </goals>
           </execution>
@@ -451,7 +482,7 @@
               <rules>
                 <dependencyConvergence/>
                 <requireMavenVersion>
-                  <version>3.8.3</version>
+                  <version>3.8.6</version>
                 </requireMavenVersion>
               </rules>
             </configuration>

redis-dispatch/src/main/java/org/whispersystems/dispatch/redis/PubSubConnection.java

@@ -115,7 +115,7 @@ public class PubSubConnection {
     byte[]            channelName       = inputStream.readFully(channelNameHeader.getStringLength());
     inputStream.readLine();
 
-    IntReply subscriptionCount = new IntReply(inputStream.readLine());
+    new IntReply(inputStream.readLine());
 
     return new String(channelName);
   }

redis-dispatch/src/test/java/org/whispersystems/dispatch/DispatchManagerTest.java

@@ -4,28 +4,25 @@
  */
 package org.whispersystems.dispatch;
 
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.ExternalResource;
-import org.mockito.ArgumentCaptor;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-import org.whispersystems.dispatch.io.RedisPubSubConnectionFactory;
-import org.whispersystems.dispatch.redis.PubSubConnection;
-import org.whispersystems.dispatch.redis.PubSubReply;
-
-import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Optional;
-
-import static org.junit.Assert.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.mockito.Mockito.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.timeout;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Optional;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.stubbing.Answer;
+import org.whispersystems.dispatch.io.RedisPubSubConnectionFactory;
+import org.whispersystems.dispatch.redis.PubSubConnection;
+import org.whispersystems.dispatch.redis.PubSubReply;
+
 public class DispatchManagerTest {
 
   private PubSubConnection             pubSubConnection;
@@ -33,31 +30,23 @@ public class DispatchManagerTest {
   private DispatchManager              dispatchManager;
   private PubSubReplyInputStream       pubSubReplyInputStream;
 
-  @Rule
-  public ExternalResource resource = new ExternalResource() {
-    @Override
-    protected void before() throws Throwable {
-      pubSubConnection       = mock(PubSubConnection.class  );
-      socketFactory          = mock(RedisPubSubConnectionFactory.class);
-      pubSubReplyInputStream = new PubSubReplyInputStream();
+  @BeforeEach
+  void setUp() throws Exception {
+    pubSubConnection       = mock(PubSubConnection.class  );
+    socketFactory          = mock(RedisPubSubConnectionFactory.class);
+    pubSubReplyInputStream = new PubSubReplyInputStream();
 
-      when(socketFactory.connect()).thenReturn(pubSubConnection);
-      when(pubSubConnection.read()).thenAnswer(new Answer<PubSubReply>() {
-        @Override
-        public PubSubReply answer(InvocationOnMock invocationOnMock) throws Throwable {
-          return pubSubReplyInputStream.read();
-        }
-      });
+    when(socketFactory.connect()).thenReturn(pubSubConnection);
+    when(pubSubConnection.read()).thenAnswer((Answer<PubSubReply>) invocationOnMock -> pubSubReplyInputStream.read());
 
-      dispatchManager = new DispatchManager(socketFactory, Optional.empty());
-      dispatchManager.start();
-    }
+    dispatchManager = new DispatchManager(socketFactory, Optional.empty());
+    dispatchManager.start();
+  }
 
-    @Override
-    protected void after() {
-
-    }
-  };
+  @AfterEach
+  void tearDown() {
+    dispatchManager.shutdown();
+  }
 
   @Test
   public void testConnect() {
@@ -65,7 +54,7 @@ public class DispatchManagerTest {
   }
 
   @Test
-  public void testSubscribe() throws IOException {
+  public void testSubscribe() {
     DispatchChannel dispatchChannel = mock(DispatchChannel.class);
     dispatchManager.subscribe("foo", dispatchChannel);
     pubSubReplyInputStream.write(new PubSubReply(PubSubReply.Type.SUBSCRIBE, "foo", Optional.empty()));
@@ -74,7 +63,7 @@ public class DispatchManagerTest {
   }
 
   @Test
-  public void testSubscribeUnsubscribe() throws IOException {
+  public void testSubscribeUnsubscribe() {
     DispatchChannel dispatchChannel = mock(DispatchChannel.class);
     dispatchManager.subscribe("foo", dispatchChannel);
     dispatchManager.unsubscribe("foo", dispatchChannel);
@@ -86,7 +75,7 @@ public class DispatchManagerTest {
   }
 
   @Test
-  public void testMessages() throws IOException {
+  public void testMessages() {
     DispatchChannel fooChannel = mock(DispatchChannel.class);
     DispatchChannel barChannel = mock(DispatchChannel.class);
 

redis-dispatch/src/test/java/org/whispersystems/dispatch/redis/PubSubConnectionTest.java

@@ -4,9 +4,9 @@
  */
 package org.whispersystems.dispatch.redis;
 
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.mock;
@@ -18,12 +18,12 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.Socket;
 import java.security.SecureRandom;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 import org.mockito.ArgumentCaptor;
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
 
-public class PubSubConnectionTest {
+class PubSubConnectionTest {
 
   private static final String REPLY = "*3\r\n" +
       "$9\r\n" +
@@ -60,8 +60,7 @@ public class PubSubConnectionTest {
 
 
   @Test
-  public void testSubscribe() throws IOException {
-//    ByteChannel      byteChannel = mock(ByteChannel.class);
+  void testSubscribe() throws IOException {
     OutputStream outputStream = mock(OutputStream.class);
     Socket       socket       = mock(Socket.class      );
     when(socket.getOutputStream()).thenReturn(outputStream);
@@ -76,7 +75,7 @@ public class PubSubConnectionTest {
   }
 
   @Test
-  public void testUnsubscribe() throws IOException {
+  void testUnsubscribe() throws IOException {
     OutputStream outputStream = mock(OutputStream.class);
     Socket       socket       = mock(Socket.class      );
     when(socket.getOutputStream()).thenReturn(outputStream);
@@ -91,7 +90,7 @@ public class PubSubConnectionTest {
   }
 
   @Test
-  public void testTricklyResponse() throws Exception {
+  void testTricklyResponse() throws Exception {
     InputStream  inputStream  = mockInputStreamFor(new TrickleInputStream(REPLY.getBytes()));
     OutputStream outputStream = mock(OutputStream.class);
     Socket       socket       = mock(Socket.class      );
@@ -103,7 +102,7 @@ public class PubSubConnectionTest {
   }
 
   @Test
-  public void testFullResponse() throws Exception {
+  void testFullResponse() throws Exception {
     InputStream  inputStream  = mockInputStreamFor(new FullInputStream(REPLY.getBytes()));
     OutputStream outputStream = mock(OutputStream.class);
     Socket       socket       = mock(Socket.class      );
@@ -115,7 +114,7 @@ public class PubSubConnectionTest {
   }
 
   @Test
-  public void testRandomLengthResponse() throws Exception {
+  void testRandomLengthResponse() throws Exception {
     InputStream  inputStream  = mockInputStreamFor(new RandomInputStream(REPLY.getBytes()));
     OutputStream outputStream = mock(OutputStream.class);
     Socket       socket       = mock(Socket.class      );

redis-dispatch/src/test/java/org/whispersystems/dispatch/redis/protocol/ArrayReplyHeaderTest.java

@@ -5,42 +5,41 @@
 package org.whispersystems.dispatch.redis.protocol;
 
 
-import org.junit.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.IOException;
+import org.junit.jupiter.api.Test;
 
-import static org.junit.Assert.assertEquals;
+class ArrayReplyHeaderTest {
 
-public class ArrayReplyHeaderTest {
-
-
-  @Test(expected = IOException.class)
-  public void testNull() throws IOException {
-    new ArrayReplyHeader(null);
-  }
-
-  @Test(expected = IOException.class)
-  public void testBadPrefix() throws IOException {
-    new ArrayReplyHeader(":3");
-  }
-
-  @Test(expected = IOException.class)
-  public void testEmpty() throws IOException {
-    new ArrayReplyHeader("");
-  }
-
-  @Test(expected = IOException.class)
-  public void testTruncated() throws IOException {
-    new ArrayReplyHeader("*");
-  }
-
-  @Test(expected = IOException.class)
-  public void testBadNumber() throws IOException {
-    new ArrayReplyHeader("*ABC");
+  @Test
+  void testNull() {
+    assertThrows(IOException.class, () -> new ArrayReplyHeader(null));
   }
 
   @Test
-  public void testValid() throws IOException {
+  void testBadPrefix() {
+    assertThrows(IOException.class, () -> new ArrayReplyHeader(":3"));
+  }
+
+  @Test
+  void testEmpty() {
+    assertThrows(IOException.class, () -> new ArrayReplyHeader(""));
+  }
+
+  @Test
+  void testTruncated() {
+    assertThrows(IOException.class, () -> new ArrayReplyHeader("*"));
+  }
+
+  @Test
+  void testBadNumber() {
+    assertThrows(IOException.class, () -> new ArrayReplyHeader("*ABC"));
+  }
+
+  @Test
+  void testValid() throws IOException {
     assertEquals(4, new ArrayReplyHeader("*4").getElementCount());
   }
 

redis-dispatch/src/test/java/org/whispersystems/dispatch/redis/protocol/IntReplyHeaderTest.java

@@ -4,36 +4,36 @@
  */
 package org.whispersystems.dispatch.redis.protocol;
 
-import org.junit.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.IOException;
+import org.junit.jupiter.api.Test;
 
-import static org.junit.Assert.assertEquals;
+class IntReplyHeaderTest {
 
-public class IntReplyHeaderTest {
-
-  @Test(expected = IOException.class)
-  public void testNull() throws IOException {
-    new IntReply(null);
-  }
-
-  @Test(expected = IOException.class)
-  public void testEmpty() throws IOException {
-    new IntReply("");
-  }
-
-  @Test(expected = IOException.class)
-  public void testBadNumber() throws IOException {
-    new IntReply(":A");
-  }
-
-  @Test(expected = IOException.class)
-  public void testBadFormat() throws IOException {
-    new IntReply("*");
+  @Test
+  void testNull() {
+    assertThrows(IOException.class, () -> new IntReply(null));
   }
 
   @Test
-  public void testValid() throws IOException {
+  void testEmpty() {
+    assertThrows(IOException.class, () -> new IntReply(""));
+  }
+
+  @Test
+  void testBadNumber() {
+    assertThrows(IOException.class, () -> new IntReply(":A"));
+  }
+
+  @Test
+  void testBadFormat() {
+    assertThrows(IOException.class, () -> new IntReply("*"));
+  }
+
+  @Test
+  void testValid() throws IOException {
     assertEquals(23, new IntReply(":23").getValue());
   }
 }

redis-dispatch/src/test/java/org/whispersystems/dispatch/redis/protocol/StringReplyHeaderTest.java

@@ -4,48 +4,32 @@
  */
 package org.whispersystems.dispatch.redis.protocol;
 
-import org.junit.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.IOException;
+import org.junit.jupiter.api.Test;
 
-import static org.junit.Assert.assertEquals;
-
-public class StringReplyHeaderTest {
+class StringReplyHeaderTest {
 
   @Test
-  public void testNull() {
-    try {
-      new StringReplyHeader(null);
-      throw new AssertionError();
-    } catch (IOException e) {
-      // good
-    }
+  void testNull() {
+    assertThrows(IOException.class, () -> new StringReplyHeader(null));
   }
 
   @Test
-  public void testBadNumber() {
-    try {
-      new StringReplyHeader("$100A");
-      throw new AssertionError();
-    } catch (IOException e) {
-      // good
-    }
+  void testBadNumber() {
+    assertThrows(IOException.class, () -> new StringReplyHeader("$100A"));
   }
 
   @Test
-  public void testBadPrefix() {
-    try {
-      new StringReplyHeader("*");
-      throw new AssertionError();
-    } catch (IOException e) {
-      // good
-    }
+  void testBadPrefix() {
+    assertThrows(IOException.class, () -> new StringReplyHeader("*"));
   }
 
   @Test
-  public void testValid() throws IOException {
+  void testValid() throws IOException {
     assertEquals(1000, new StringReplyHeader("$1000").getStringLength());
   }
 
-
 }

service/config/sample.yml

@@ -3,11 +3,37 @@
 # `unset` values will need to be set to work properly.
 # Most other values are technically valid for a local/demonstration environment, but are probably not production-ready.
 
+adminEventLoggingConfiguration:
+  credentials: |
+    Some credentials text
+    blah blah blah
+  projectId: some-project-id
+  logName: some-log-name
+
 stripe:
   apiKey: unset
   idempotencyKeyGenerator: abcdefg12345678= # base64 for creating request idempotency hash
   boostDescription: >
     Example
+  supportedCurrencies:
+    - xts
+  # - ...
+  # - Nth supported currency
+
+
+braintree:
+  merchantId: unset
+  publicKey: unset
+  privateKey: unset
+  environment: unset
+  graphqlUrl: unset
+  merchantAccounts:
+    # ISO 4217 currency code and its corresponding sub-merchant account
+    'xts': unset
+  supportedCurrencies:
+    - xts
+  # - ...
+  # - Nth supported currency
 
 dynamoDbClientConfiguration:
   region: us-west-2 # AWS Region
@@ -55,40 +81,6 @@ dynamoDbTables:
   subscriptions:
     tableName: Example_Subscriptions
 
-twilio: # Twilio gateway configuration
-  accountId: unset
-  accountToken: unset
-  nanpaMessagingServiceSid: unset # Twilio SID for the messaging service to use for NANPA.
-  messagingServiceSid: unset # Twilio SID for the message service to use for non-NANPA.
-  verifyServiceSid: unset # Twilio SID for a Verify service
-  localDomain: example.com # Domain Twilio can connect back to for calls. Should be domain of your service.
-  defaultClientVerificationTexts:
-    ios: example %1$s # Text to use for the verification message on iOS. Will be passed to String.format with the verification code as argument 1.
-    androidNg: example %1$s # Text to use for the verification message on android-ng client types. Will be passed to String.format with the verification code as argument 1.
-    android202001: example %1$s # Text to use for the verification message on android-2020-01 client types. Will be passed to String.format with the verification code as argument 1.
-    android202103: example %1$s # Text to use for the verification message on android-2021-03 client types. Will be passed to String.format with the verification code as argument 1.
-    generic: example %1$s # Text to use when the client type is unrecognized. Will be passed to String.format with the verification code as argument 1.
-  regionalClientVerificationTexts: # Map of country codes to custom texts
-    999: # example country code
-      ios: example %1$s # all keys from defaultClientVerificationTexts are required
-      androidNg: example %1$s
-      android202001: example %1$s
-      android202103: example %1$s
-      generic: example %1$s
-  androidAppHash: example # Hash appended to Android
-  verifyServiceFriendlyName: example # Service name used in template. Requires Twilio account rep to enable
-
-push:
-  queueSize: 1000 # Size of push pending queue
-
-turn: # TURN server configuration
-  secret: example # TURN server secret
-  uris:
-    - stun:example.com:80
-    - stun:another.example.com:443
-    - turn:example.com:443?transport=udp
-    - turn:ya.example.com:80?transport=udp
-
 cacheCluster: # Redis server configuration for cache cluster
   configurationUri: redis://redis.example.com:6379/
 
@@ -119,32 +111,34 @@ directory:
     - replicationName: example           # CDS replication name
       replicationUrl: cds.example.com    # CDS replication endpoint base url
       replicationPassword: example       # CDS replication endpoint password
-      replicationCaCertificate: |        # CDS replication endpoint TLS certificate trust root
-        -----BEGIN CERTIFICATE-----
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        AAAAAAAAAAAAAAAAAAAA
-        -----END CERTIFICATE-----
+      replicationCaCertificates:         # CDS replication endpoint TLS certificate trust root
+        - |
+          -----BEGIN CERTIFICATE-----
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          AAAAAAAAAAAAAAAAAAAA
+          -----END CERTIFICATE-----
 
 directoryV2:
   client: # Configuration for interfacing with Contact Discovery Service v2 cluster
     userAuthenticationTokenSharedSecret: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG= # base64-encoded secret shared with CDS to generate auth tokens for Signal users
+    userIdTokenSharedSecret: bbcdefghijklmnopqrstuvwxyz0123456789ABCDEFG= # base64-encoded secret shared with CDS to generate auth identity tokens for Signal users
 
 messageCache: # Redis server configuration for message store cache
   persistDelayMinutes: 1
@@ -195,12 +189,6 @@ gcpAttachments: # GCP Storage configuration
     AAAAAAAA
     -----END PRIVATE KEY-----
 
-abuseDatabase: # Postgresql database configuration
-  driverClass: org.postgresql.Driver
-  user: example
-  password: password
-  url: jdbc:postgresql://example.com:5432/abusedb
-
 accountDatabaseCrawler:
   chunkSize: 10           # accounts per run
   chunkIntervalMs: 60000  # time per run
@@ -218,9 +206,9 @@ apn: # Apple Push Notifications configuration
     AAAAAAAA
     -----END PRIVATE KEY-----
 
-gcm: # GCM Configuration
-  senderId: 123456789
-  apiKey: unset
+fcm: # FCM configuration
+  credentials: |
+    { "json": true }
 
 cdn:
   accessKey: test    # AWS Access Key ID
@@ -243,65 +231,65 @@ voiceVerification:
     - en
 
 recaptcha:
-  secret: unset
-
-recaptchaV2:
-  siteKey: unset
-  scoreFloor: 1.0
   projectPath: projects/example
   credentialConfigurationJson: "{ }" # service account configuration for backend authentication
 
+hCaptcha:
+  apiKey: unset
+
 storageService:
   uri: storage.example.com
   userAuthenticationTokenSharedSecret: 00000f
-  storageCaCertificate: |
-    -----BEGIN CERTIFICATE-----
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    AAAAAAAAAAAAAAAAAAAA
-    -----END CERTIFICATE-----
+  storageCaCertificates:
+    - |
+      -----BEGIN CERTIFICATE-----
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      AAAAAAAAAAAAAAAAAAAA
+      -----END CERTIFICATE-----
 
 backupService:
   uri: backup.example.com
   userAuthenticationTokenSharedSecret: 00000f
-  backupCaCertificate: |
-    -----BEGIN CERTIFICATE-----
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    AAAAAAAAAAAAAAAAAAAA
-    -----END CERTIFICATE-----
+  backupCaCertificates:
+    - |
+      -----BEGIN CERTIFICATE-----
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      AAAAAAAAAAAAAAAAAAAA
+      -----END CERTIFICATE-----
 
 zkConfig:
   serverPublic: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
@@ -324,17 +312,16 @@ remoteConfig:
 paymentsService:
   userAuthenticationTokenSharedSecret: 0000000f0000000f0000000f0000000f0000000f0000000f0000000f0000000f # hex-encoded 32-byte secret shared with MobileCoin services used to generate auth tokens for Signal users
   fixerApiKey: unset
+  coinMarketCapApiKey: unset
+  coinMarketCapCurrencyIds:
+    MOB: 7878
   paymentCurrencies:
     # list of symbols for supported currencies
     - MOB
 
-donation:
-  uri: donation.example.com # value
-  supportedCurrencies:
-    - # 1st supported currency
-    - # 2nd supported currency
-    - # ...
-    - # Nth supported currency
+artService:
+  userAuthenticationTokenSharedSecret: 0000000f0000000f0000000f0000000f0000000f0000000f0000000f0000000f # hex-encoded 32-byte secret not shared with any external service, but used in ArtController
+  userAuthenticationTokenUserIdSecret: 00000f # hex-encoded secret to obscure user phone numbers from Sticker Creator
 
 badges:
   badges:
@@ -365,18 +352,54 @@ subscription: # configuration for Stripe subscriptions
         # list of ISO 4217 currency codes and amounts for the given badge level
         xts:
           amount: '10'
-          id: price_example # stripe ID
+          processorIds:
+            STRIPE: price_example   # stripe Price ID
+            BRAINTREE: plan_example # braintree Plan ID
 
-boost:
-  level: 1
-  expiration: P90D
-  badge: EXAMPLE
+oneTimeDonations:
+  boost:
+    level: 1
+    expiration: P90D
+    badge: EXAMPLE
+  gift:
+    level: 10
+    expiration: P90D
+    badge: EXAMPLE
   currencies:
     # ISO 4217 currency codes and amounts in those currencies
     xts:
-      - '1'
-      - '2'
-      - '4'
-      - '8'
-      - '20'
-      - '40'
+      minimum: '0.5'
+      gift: '2'
+      boosts:
+        - '1'
+        - '2'
+        - '4'
+        - '8'
+        - '20'
+        - '40'
+
+registrationService:
+  host: registration.example.com
+  apiKey: EXAMPLE
+  registrationCaCertificate: | # Registration service TLS certificate trust root
+    -----BEGIN CERTIFICATE-----
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    AAAAAAAAAAAAAAAAAAAA
+    -----END CERTIFICATE-----

service/pom.xml

@@ -24,6 +24,11 @@
       <artifactId>jakarta.ws.rs-api</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>org.whispersystems.textsecure</groupId>
+      <artifactId>event-logger</artifactId>
+      <version>${project.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.whispersystems.textsecure</groupId>
       <artifactId>redis-dispatch</artifactId>
@@ -34,30 +39,15 @@
       <artifactId>websocket-resources</artifactId>
       <version>${project.version}</version>
     </dependency>
-    <dependency>
-      <groupId>org.whispersystems.textsecure</groupId>
-      <artifactId>gcm-sender-async</artifactId>
-      <version>${project.version}</version>
-    </dependency>
     <dependency>
       <groupId>org.signal</groupId>
-      <artifactId>zkgroup-java</artifactId>
-      <version>0.9.0</version>
-    </dependency>
-    <dependency>
-      <groupId>org.whispersystems</groupId>
-      <artifactId>curve25519-java</artifactId>
-      <version>0.5.0</version>
+      <artifactId>libsignal-server</artifactId>
     </dependency>
 
     <dependency>
       <groupId>io.dropwizard</groupId>
       <artifactId>dropwizard-core</artifactId>
     </dependency>
-    <dependency>
-      <groupId>io.dropwizard</groupId>
-      <artifactId>dropwizard-jdbi3</artifactId>
-    </dependency>
     <dependency>
       <groupId>io.dropwizard</groupId>
       <artifactId>dropwizard-auth</artifactId>
@@ -129,24 +119,10 @@
       <artifactId>logstash-logback-encoder</artifactId>
     </dependency>
 
-    <dependency>
-      <groupId>org.jdbi</groupId>
-      <artifactId>jdbi3-core</artifactId>
-    </dependency>
-
-    <dependency>
-      <groupId>org.liquibase</groupId>
-      <artifactId>liquibase-core</artifactId>
-    </dependency>
-
     <dependency>
       <groupId>io.dropwizard.metrics</groupId>
       <artifactId>metrics-core</artifactId>
     </dependency>
-    <dependency>
-      <groupId>io.dropwizard.metrics</groupId>
-      <artifactId>metrics-jdbi3</artifactId>
-    </dependency>
     <dependency>
       <groupId>io.dropwizard.metrics</groupId>
       <artifactId>metrics-healthchecks</artifactId>
@@ -176,6 +152,12 @@
       <groupId>io.dropwizard</groupId>
       <artifactId>dropwizard-testing</artifactId>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>junit</groupId>
+          <artifactId>junit</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -200,6 +182,12 @@
       <artifactId>commons-csv</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>com.google.firebase</groupId>
+      <artifactId>firebase-admin</artifactId>
+      <version>9.1.1</version>
+    </dependency>
+
     <dependency>
       <groupId>com.google.code.findbugs</groupId>
       <artifactId>jsr305</artifactId>
@@ -213,6 +201,30 @@
       <groupId>io.github.resilience4j</groupId>
       <artifactId>resilience4j-retry</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.github.resilience4j</groupId>
+      <artifactId>resilience4j-reactor</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-netty-shaded</artifactId>
+      <scope>runtime</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-protobuf</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-stub</artifactId>
+    </dependency>
+    <!-- Needed for gRPC with Java 9+ -->
+    <dependency>
+      <groupId>org.apache.tomcat</groupId>
+      <artifactId>annotations-api</artifactId>
+      <scope>provided</scope>
+    </dependency>
 
     <dependency>
       <groupId>io.micrometer</groupId>
@@ -272,12 +284,12 @@
       <artifactId>appconfig</artifactId>
     </dependency>
     <dependency>
-      <groupId>com.amazonaws</groupId>
-      <artifactId>aws-java-sdk-core</artifactId>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>appconfigdata</artifactId>
     </dependency>
     <dependency>
       <groupId>com.amazonaws</groupId>
-      <artifactId>aws-java-sdk-s3</artifactId>
+      <artifactId>aws-java-sdk-core</artifactId>
     </dependency>
     <dependency>
       <groupId>com.amazonaws</groupId>
@@ -301,12 +313,6 @@
       <artifactId>lettuce-core</artifactId>
     </dependency>
 
-    <dependency>
-      <groupId>org.postgresql</groupId>
-      <artifactId>postgresql</artifactId>
-      <scope>runtime</scope>
-    </dependency>
-
     <dependency>
       <groupId>com.eatthepath</groupId>
       <artifactId>pushy</artifactId>
@@ -316,12 +322,6 @@
       <artifactId>pushy-dropwizard-metrics-listener</artifactId>
     </dependency>
 
-    <dependency>
-      <groupId>io.netty</groupId>
-      <artifactId>netty-tcnative-boringssl-static</artifactId>
-      <scope>runtime</scope>
-    </dependency>
-
     <dependency>
       <groupId>com.vdurmont</groupId>
       <artifactId>semver4j</artifactId>
@@ -351,6 +351,12 @@
       <groupId>org.glassfish.jersey.test-framework</groupId>
       <artifactId>jersey-test-framework-core</artifactId>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>junit</groupId>
+          <artifactId>junit</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.glassfish.jersey.test-framework.providers</groupId>
@@ -368,13 +374,6 @@
       </exclusions>
     </dependency>
 
-    <dependency>
-      <groupId>io.zonky.test</groupId>
-      <artifactId>embedded-postgres</artifactId>
-      <version>1.3.1</version>
-      <scope>test</scope>
-    </dependency>
-
     <dependency>
       <groupId>com.almworks.sqlite4java</groupId>
       <artifactId>sqlite4java</artifactId>
@@ -385,23 +384,21 @@
     <dependency>
       <groupId>io.projectreactor</groupId>
       <artifactId>reactor-core</artifactId>
-      <version>3.3.16.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>io.vavr</groupId>
+      <artifactId>vavr</artifactId>
     </dependency>
 
-    <dependency>
-      <groupId>org.junit.jupiter</groupId>
-      <artifactId>junit-jupiter-api</artifactId>
-      <scope>test</scope>
-    </dependency>
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <artifactId>junit-jupiter-params</artifactId>
       <scope>test</scope>
     </dependency>
+
     <dependency>
-      <groupId>org.junit.vintage</groupId>
-      <artifactId>junit-vintage-engine</artifactId>
-      <scope>test</scope>
+      <groupId>io.projectreactor</groupId>
+      <artifactId>reactor-test</artifactId>
     </dependency>
 
     <dependency>
@@ -413,21 +410,15 @@
     <dependency>
       <groupId>com.fasterxml.uuid</groupId>
       <artifactId>java-uuid-generator</artifactId>
-      <version>3.2.0</version>
+      <version>4.0.1</version>
       <scope>test</scope>
     </dependency>
 
     <dependency>
       <groupId>com.amazonaws</groupId>
       <artifactId>DynamoDBLocal</artifactId>
-      <version>1.16.0</version>
+      <version>1.20.0</version>
       <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <groupId>org.antlr</groupId>
-          <artifactId>antlr4-runtime</artifactId>
-        </exclusion>
-      </exclusions>
     </dependency>
 
     <dependency>
@@ -441,11 +432,16 @@
     </dependency>
 
     <dependency>
-      <groupId>pl.pragmatists</groupId>
-      <artifactId>JUnitParams</artifactId>
-      <version>1.1.1</version>
-      <scope>test</scope>
+      <groupId>com.braintreepayments.gateway</groupId>
+      <artifactId>braintree-java</artifactId>
     </dependency>
+
+    <dependency>
+      <groupId>com.apollographql.apollo3</groupId>
+      <artifactId>apollo-api-jvm</artifactId>
+      <version>3.7.1</version>
+    </dependency>
+
   </dependencies>
 
   <profiles>
@@ -601,6 +597,31 @@
           </arguments>
         </configuration>
       </plugin>
+
+      <plugin>
+        <groupId>com.github.aoudiamoncef</groupId>
+        <artifactId>apollo-client-maven-plugin</artifactId>
+        <version>5.0.0</version>
+        <executions>
+          <execution>
+            <goals>
+              <goal>generate</goal>
+            </goals>
+            <configuration>
+              <services>
+                <braintree>
+                  <compilationUnit>
+                    <name>braintree</name>
+                    <compilerParams>
+                      <schemaPackageName>com.braintree.graphql.client</schemaPackageName>
+                    </compilerParams>
+                  </compilationUnit>
+                </braintree>
+              </services>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
     </plugins>
   </build>
 </project>

service/src/main/graphql/braintree/ChargePayPalOneTimePayment.graphql

@@ -0,0 +1,9 @@
+# https://graphql.braintreepayments.com/reference/#Mutation--chargePaymentMethod
+mutation ChargePayPalOneTimePayment($input: ChargePaymentMethodInput!) {
+  chargePaymentMethod(input: $input) {
+    transaction {
+      id,
+      status
+    }
+  }
+}

service/src/main/graphql/braintree/CreatePayPalBillingAgreement.graphql

@@ -0,0 +1,6 @@
+mutation CreatePayPalBillingAgreement($input: CreatePayPalBillingAgreementInput!) {
+  createPayPalBillingAgreement(input: $input) {
+    approvalUrl,
+    billingAgreementToken
+  }
+}

service/src/main/graphql/braintree/CreatePayPalOneTimePayment.graphql

@@ -0,0 +1,7 @@
+# https://graphql.braintreepayments.com/reference/#Mutation--createPayPalOneTimePayment
+mutation CreatePayPalOneTimePayment($input: CreatePayPalOneTimePaymentInput!) {
+  createPayPalOneTimePayment(input: $input) {
+    approvalUrl,
+    paymentId
+  }
+}

service/src/main/graphql/braintree/TokenizePayPalBillingAgreement.graphql

@@ -0,0 +1,7 @@
+mutation TokenizePayPalBillingAgreement($input: TokenizePayPalBillingAgreementInput!) {
+  tokenizePayPalBillingAgreement(input: $input) {
+    paymentMethod {
+      id
+    }
+  }
+}

service/src/main/graphql/braintree/TokenizePayPalOneTimePayment.graphql

@@ -0,0 +1,8 @@
+# https://graphql.braintreepayments.com/reference/#Mutation--tokenizePayPalOneTimePayment
+mutation TokenizePayPalOneTimePayment($input: TokenizePayPalOneTimePaymentInput!) {
+  tokenizePayPalOneTimePayment(input: $input) {
+    paymentMethod {
+      id
+    }
+  }
+}

service/src/main/graphql/braintree/VaultPaymentMethod.graphql

@@ -0,0 +1,7 @@
+mutation VaultPaymentMethod($input: VaultPaymentMethodInput!) {
+  vaultPaymentMethod(input: $input) {
+    paymentMethod {
+      id
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerConfiguration.java

@@ -1,12 +1,11 @@
 /*
- * Copyright 2013-2021 Signal Messenger, LLC
+ * Copyright 2013 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import io.dropwizard.Configuration;
-import io.dropwizard.client.JerseyClientConfiguration;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -15,30 +14,31 @@ import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 import org.whispersystems.textsecuregcm.configuration.AbusiveMessageFilterConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AccountDatabaseCrawlerConfiguration;
+import org.whispersystems.textsecuregcm.configuration.AdminEventLoggingConfiguration;
 import org.whispersystems.textsecuregcm.configuration.ApnConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AppConfigConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AwsAttachmentsConfiguration;
 import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
-import org.whispersystems.textsecuregcm.configuration.BoostConfiguration;
+import org.whispersystems.textsecuregcm.configuration.BraintreeConfiguration;
 import org.whispersystems.textsecuregcm.configuration.CdnConfiguration;
-import org.whispersystems.textsecuregcm.configuration.DatabaseConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DatadogConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DirectoryConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DirectoryV2Configuration;
-import org.whispersystems.textsecuregcm.configuration.DonationConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DynamoDbClientConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DynamoDbTables;
-import org.whispersystems.textsecuregcm.configuration.GcmConfiguration;
+import org.whispersystems.textsecuregcm.configuration.FcmConfiguration;
 import org.whispersystems.textsecuregcm.configuration.GcpAttachmentsConfiguration;
+import org.whispersystems.textsecuregcm.configuration.HCaptchaConfiguration;
 import org.whispersystems.textsecuregcm.configuration.MaxDeviceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.MessageCacheConfiguration;
+import org.whispersystems.textsecuregcm.configuration.OneTimeDonationConfiguration;
 import org.whispersystems.textsecuregcm.configuration.PaymentsServiceConfiguration;
-import org.whispersystems.textsecuregcm.configuration.PushConfiguration;
+import org.whispersystems.textsecuregcm.configuration.ArtServiceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RateLimitsConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RecaptchaConfiguration;
-import org.whispersystems.textsecuregcm.configuration.RecaptchaV2Configuration;
 import org.whispersystems.textsecuregcm.configuration.RedisClusterConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RedisConfiguration;
+import org.whispersystems.textsecuregcm.configuration.RegistrationServiceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RemoteConfigConfiguration;
 import org.whispersystems.textsecuregcm.configuration.ReportMessageConfiguration;
 import org.whispersystems.textsecuregcm.configuration.SecureBackupServiceConfiguration;
@@ -46,9 +46,8 @@ import org.whispersystems.textsecuregcm.configuration.SecureStorageServiceConfig
 import org.whispersystems.textsecuregcm.configuration.StripeConfiguration;
 import org.whispersystems.textsecuregcm.configuration.SubscriptionConfiguration;
 import org.whispersystems.textsecuregcm.configuration.TestDeviceConfiguration;
-import org.whispersystems.textsecuregcm.configuration.TurnConfiguration;
-import org.whispersystems.textsecuregcm.configuration.TwilioConfiguration;
 import org.whispersystems.textsecuregcm.configuration.UnidentifiedDeliveryConfiguration;
+import org.whispersystems.textsecuregcm.configuration.UsernameConfiguration;
 import org.whispersystems.textsecuregcm.configuration.VoiceVerificationConfiguration;
 import org.whispersystems.textsecuregcm.configuration.ZkConfig;
 import org.whispersystems.websocket.configuration.WebSocketConfiguration;
@@ -56,11 +55,21 @@ import org.whispersystems.websocket.configuration.WebSocketConfiguration;
 /** @noinspection MismatchedQueryAndUpdateOfCollection, WeakerAccess */
 public class WhisperServerConfiguration extends Configuration {
 
+  @NotNull
+  @Valid
+  @JsonProperty
+  private AdminEventLoggingConfiguration adminEventLoggingConfiguration;
+
   @NotNull
   @Valid
   @JsonProperty
   private StripeConfiguration stripe;
 
+  @NotNull
+  @Valid
+  @JsonProperty
+  private BraintreeConfiguration braintree;
+
   @NotNull
   @Valid
   @JsonProperty
@@ -71,16 +80,6 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private DynamoDbTables dynamoDbTables;
 
-  @NotNull
-  @Valid
-  @JsonProperty
-  private TwilioConfiguration twilio;
-
-  @NotNull
-  @Valid
-  @JsonProperty
-  private PushConfiguration push;
-
   @NotNull
   @Valid
   @JsonProperty
@@ -151,11 +150,6 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private RedisClusterConfiguration clientPresenceCluster;
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DatabaseConfiguration abuseDatabase;
-
   @Valid
   @NotNull
   @JsonProperty
@@ -171,11 +165,6 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private RateLimitsConfiguration limits = new RateLimitsConfiguration();
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private JerseyClientConfiguration httpClient = new JerseyClientConfiguration();
-
   @Valid
   @NotNull
   @JsonProperty
@@ -184,12 +173,7 @@ public class WhisperServerConfiguration extends Configuration {
   @Valid
   @NotNull
   @JsonProperty
-  private TurnConfiguration turn;
-
-  @Valid
-  @NotNull
-  @JsonProperty
-  private GcmConfiguration gcm;
+  private FcmConfiguration fcm;
 
   @Valid
   @NotNull
@@ -214,7 +198,7 @@ public class WhisperServerConfiguration extends Configuration {
   @Valid
   @NotNull
   @JsonProperty
-  private RecaptchaV2Configuration recaptchaV2;
+  private HCaptchaConfiguration hCaptcha;
 
   @Valid
   @NotNull
@@ -231,6 +215,11 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private PaymentsServiceConfiguration paymentsService;
 
+  @Valid
+  @NotNull
+  @JsonProperty
+  private ArtServiceConfiguration artService;
+
   @Valid
   @NotNull
   @JsonProperty
@@ -246,11 +235,6 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private AppConfigConfiguration appConfig;
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DonationConfiguration donation;
-
   @Valid
   @NotNull
   @JsonProperty
@@ -264,23 +248,39 @@ public class WhisperServerConfiguration extends Configuration {
   @Valid
   @JsonProperty
   @NotNull
-  private BoostConfiguration boost;
+  private OneTimeDonationConfiguration oneTimeDonations;
 
   @Valid
   @NotNull
   @JsonProperty
   private ReportMessageConfiguration reportMessage = new ReportMessageConfiguration();
 
+  @Valid
+  @NotNull
+  @JsonProperty
+  private UsernameConfiguration username = new UsernameConfiguration();
+
   @Valid
   @JsonProperty
   private AbusiveMessageFilterConfiguration abusiveMessageFilter;
 
-  private Map<String, String> transparentDataIndex = new HashMap<>();
+  @Valid
+  @NotNull
+  @JsonProperty
+  private RegistrationServiceConfiguration registrationService;
+
+  public AdminEventLoggingConfiguration getAdminEventLoggingConfiguration() {
+    return adminEventLoggingConfiguration;
+  }
 
   public StripeConfiguration getStripe() {
     return stripe;
   }
 
+  public BraintreeConfiguration getBraintree() {
+    return braintree;
+  }
+
   public DynamoDbClientConfiguration getDynamoDbClientConfiguration() {
     return dynamoDbClientConfiguration;
   }
@@ -293,8 +293,8 @@ public class WhisperServerConfiguration extends Configuration {
     return recaptcha;
   }
 
-  public RecaptchaV2Configuration getRecaptchaV2Configuration() {
-    return recaptchaV2;
+  public HCaptchaConfiguration getHCaptchaConfiguration() {
+    return hCaptcha;
   }
 
   public VoiceVerificationConfiguration getVoiceVerificationConfiguration() {
@@ -305,18 +305,6 @@ public class WhisperServerConfiguration extends Configuration {
     return webSocket;
   }
 
-  public TwilioConfiguration getTwilioConfiguration() {
-    return twilio;
-  }
-
-  public PushConfiguration getPushConfiguration() {
-    return push;
-  }
-
-  public JerseyClientConfiguration getJerseyClientConfiguration() {
-    return httpClient;
-  }
-
   public AwsAttachmentsConfiguration getAwsAttachmentsConfiguration() {
     return awsAttachments;
   }
@@ -369,20 +357,12 @@ public class WhisperServerConfiguration extends Configuration {
     return rateLimitersCluster;
   }
 
-  public DatabaseConfiguration getAbuseDatabaseConfiguration() {
-    return abuseDatabase;
-  }
-
   public RateLimitsConfiguration getLimitsConfiguration() {
     return limits;
   }
 
-  public TurnConfiguration getTurnConfiguration() {
-    return turn;
-  }
-
-  public GcmConfiguration getGcmConfiguration() {
-    return gcm;
+  public FcmConfiguration getFcmConfiguration() {
+    return fcm;
   }
 
   public ApnConfiguration getApnConfiguration() {
@@ -423,10 +403,6 @@ public class WhisperServerConfiguration extends Configuration {
     return results;
   }
 
-  public Map<String, String> getTransparentDataIndex() {
-    return transparentDataIndex;
-  }
-
   public SecureBackupServiceConfiguration getSecureBackupServiceConfiguration() {
     return backupService;
   }
@@ -435,6 +411,10 @@ public class WhisperServerConfiguration extends Configuration {
     return paymentsService;
   }
 
+  public ArtServiceConfiguration getArtServiceConfiguration() {
+    return artService;
+  }
+
   public ZkConfig getZkConfig() {
     return zkConfig;
   }
@@ -447,10 +427,6 @@ public class WhisperServerConfiguration extends Configuration {
     return appConfig;
   }
 
-  public DonationConfiguration getDonationConfiguration() {
-    return donation;
-  }
-
   public BadgesConfiguration getBadges() {
     return badges;
   }
@@ -459,8 +435,8 @@ public class WhisperServerConfiguration extends Configuration {
     return subscription;
   }
 
-  public BoostConfiguration getBoost() {
-    return boost;
+  public OneTimeDonationConfiguration getOneTimeDonations() {
+    return oneTimeDonations;
   }
 
   public ReportMessageConfiguration getReportMessageConfiguration() {
@@ -470,4 +446,12 @@ public class WhisperServerConfiguration extends Configuration {
   public AbusiveMessageFilterConfiguration getAbusiveMessageFilterConfiguration() {
     return abusiveMessageFilter;
   }
+
+  public UsernameConfiguration getUsername() {
+    return username;
+  }
+
+  public RegistrationServiceConfiguration getRegistrationServiceConfiguration() {
+    return registrationService;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2021 Signal Messenger, LLC
+ * Copyright 2013-2022 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm;
@@ -11,10 +11,11 @@ import com.amazonaws.auth.InstanceProfileCredentialsProvider;
 import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
 import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder;
 import com.codahale.metrics.SharedMetricRegistries;
-import com.codahale.metrics.jdbi3.strategies.DefaultNameStrategy;
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.PropertyAccessor;
 import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.google.auth.oauth2.GoogleCredentials;
+import com.google.cloud.logging.LoggingOptions;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;
@@ -24,10 +25,10 @@ import io.dropwizard.auth.PolymorphicAuthDynamicFeature;
 import io.dropwizard.auth.PolymorphicAuthValueFactoryProvider;
 import io.dropwizard.auth.basic.BasicCredentialAuthFilter;
 import io.dropwizard.auth.basic.BasicCredentials;
-import io.dropwizard.db.PooledDataSourceFactory;
-import io.dropwizard.jdbi3.JdbiFactory;
 import io.dropwizard.setup.Bootstrap;
 import io.dropwizard.setup.Environment;
+import io.lettuce.core.metrics.MicrometerCommandLatencyRecorder;
+import io.lettuce.core.metrics.MicrometerOptions;
 import io.lettuce.core.resource.ClientResources;
 import io.micrometer.core.instrument.Meter.Id;
 import io.micrometer.core.instrument.Metrics;
@@ -35,7 +36,9 @@ import io.micrometer.core.instrument.Tags;
 import io.micrometer.core.instrument.config.MeterFilter;
 import io.micrometer.core.instrument.distribution.DistributionStatisticConfig;
 import io.micrometer.datadog.DatadogMeterRegistry;
+import java.io.ByteArrayInputStream;
 import java.net.http.HttpClient;
+import java.nio.charset.StandardCharsets;
 import java.time.Clock;
 import java.time.Duration;
 import java.util.ArrayList;
@@ -47,20 +50,23 @@ import java.util.ServiceLoader;
 import java.util.concurrent.ArrayBlockingQueue;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.ExecutorService;
+import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 import javax.servlet.DispatcherType;
 import javax.servlet.FilterRegistration;
 import javax.servlet.ServletRegistration;
 import org.eclipse.jetty.servlets.CrossOriginFilter;
 import org.glassfish.jersey.server.ServerProperties;
-import org.jdbi.v3.core.Jdbi;
+import org.signal.event.AdminEventLogger;
+import org.signal.event.GoogleCloudAdminEventLogger;
 import org.signal.i18n.HeaderControlledResourceBundleLookup;
-import org.signal.zkgroup.ServerSecretParams;
-import org.signal.zkgroup.auth.ServerZkAuthOperations;
-import org.signal.zkgroup.profiles.ServerZkProfileOperations;
-import org.signal.zkgroup.receipts.ReceiptCredentialPresentation;
-import org.signal.zkgroup.receipts.ServerZkReceiptOperations;
+import org.signal.libsignal.zkgroup.ServerSecretParams;
+import org.signal.libsignal.zkgroup.auth.ServerZkAuthOperations;
+import org.signal.libsignal.zkgroup.profiles.ServerZkProfileOperations;
+import org.signal.libsignal.zkgroup.receipts.ReceiptCredentialPresentation;
+import org.signal.libsignal.zkgroup.receipts.ServerZkReceiptOperations;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.dispatch.DispatchManager;
@@ -77,11 +83,11 @@ import org.whispersystems.textsecuregcm.auth.TurnTokenGenerator;
 import org.whispersystems.textsecuregcm.auth.WebsocketRefreshApplicationEventListener;
 import org.whispersystems.textsecuregcm.badges.ConfiguredProfileBadgeConverter;
 import org.whispersystems.textsecuregcm.badges.ResourceBundleLevelTranslator;
+import org.whispersystems.textsecuregcm.captcha.CaptchaChecker;
+import org.whispersystems.textsecuregcm.captcha.HCaptchaClient;
 import org.whispersystems.textsecuregcm.configuration.DirectoryServerConfiguration;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
-import org.whispersystems.textsecuregcm.controllers.AcceptNumericOnlineFlagRequestFilter;
 import org.whispersystems.textsecuregcm.controllers.AccountController;
-import org.whispersystems.textsecuregcm.controllers.AttachmentControllerV1;
 import org.whispersystems.textsecuregcm.controllers.AttachmentControllerV2;
 import org.whispersystems.textsecuregcm.controllers.AttachmentControllerV3;
 import org.whispersystems.textsecuregcm.controllers.CertificateController;
@@ -100,30 +106,27 @@ import org.whispersystems.textsecuregcm.controllers.RemoteConfigController;
 import org.whispersystems.textsecuregcm.controllers.SecureBackupController;
 import org.whispersystems.textsecuregcm.controllers.SecureStorageController;
 import org.whispersystems.textsecuregcm.controllers.StickerController;
+import org.whispersystems.textsecuregcm.controllers.ArtController;
 import org.whispersystems.textsecuregcm.controllers.SubscriptionController;
 import org.whispersystems.textsecuregcm.controllers.VoiceVerificationController;
+import org.whispersystems.textsecuregcm.currency.CoinMarketCapClient;
 import org.whispersystems.textsecuregcm.currency.CurrencyConversionManager;
 import org.whispersystems.textsecuregcm.currency.FixerClient;
-import org.whispersystems.textsecuregcm.currency.FtxClient;
 import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
-import org.whispersystems.textsecuregcm.filters.ContentLengthFilter;
+import org.whispersystems.textsecuregcm.filters.RequestStatisticsFilter;
 import org.whispersystems.textsecuregcm.filters.RemoteDeprecationFilter;
 import org.whispersystems.textsecuregcm.filters.TimestampResponseFilter;
 import org.whispersystems.textsecuregcm.limits.DynamicRateLimiters;
 import org.whispersystems.textsecuregcm.limits.PushChallengeManager;
 import org.whispersystems.textsecuregcm.limits.RateLimitChallengeManager;
-import org.whispersystems.textsecuregcm.limits.RateLimitChallengeOptionManager;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
-import org.whispersystems.textsecuregcm.liquibase.NameableMigrationsBundle;
 import org.whispersystems.textsecuregcm.mappers.CompletionExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.DeviceLimitExceededExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.IOExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.ImpossiblePhoneNumberExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.InvalidWebsocketAddressExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.NonNormalizedPhoneNumberExceptionMapper;
-import org.whispersystems.textsecuregcm.mappers.RateLimitChallengeExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.RateLimitExceededExceptionMapper;
-import org.whispersystems.textsecuregcm.mappers.RetryLaterExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.ServerRejectedExceptionMapper;
 import org.whispersystems.textsecuregcm.metrics.ApplicationShutdownMonitor;
 import org.whispersystems.textsecuregcm.metrics.BufferPoolGauges;
@@ -131,45 +134,45 @@ import org.whispersystems.textsecuregcm.metrics.CpuUsageGauge;
 import org.whispersystems.textsecuregcm.metrics.FileDescriptorGauge;
 import org.whispersystems.textsecuregcm.metrics.FreeMemoryGauge;
 import org.whispersystems.textsecuregcm.metrics.GarbageCollectionGauges;
+import org.whispersystems.textsecuregcm.metrics.LettuceMetricsMeterFilter;
 import org.whispersystems.textsecuregcm.metrics.MaxFileDescriptorGauge;
 import org.whispersystems.textsecuregcm.metrics.MetricsApplicationEventListener;
 import org.whispersystems.textsecuregcm.metrics.MetricsRequestEventListener;
+import org.whispersystems.textsecuregcm.metrics.MicrometerRegistryManager;
 import org.whispersystems.textsecuregcm.metrics.NetworkReceivedGauge;
 import org.whispersystems.textsecuregcm.metrics.NetworkSentGauge;
 import org.whispersystems.textsecuregcm.metrics.OperatingSystemMemoryGauge;
-import org.whispersystems.textsecuregcm.metrics.PushLatencyManager;
+import org.whispersystems.textsecuregcm.metrics.ReportedMessageMetricsListener;
 import org.whispersystems.textsecuregcm.metrics.TrafficSource;
 import org.whispersystems.textsecuregcm.providers.MultiRecipientMessageProvider;
 import org.whispersystems.textsecuregcm.providers.RedisClientFactory;
 import org.whispersystems.textsecuregcm.providers.RedisClusterHealthCheck;
 import org.whispersystems.textsecuregcm.push.APNSender;
-import org.whispersystems.textsecuregcm.push.ApnFallbackManager;
+import org.whispersystems.textsecuregcm.push.ApnPushNotificationScheduler;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
-import org.whispersystems.textsecuregcm.push.GCMSender;
+import org.whispersystems.textsecuregcm.push.FcmSender;
 import org.whispersystems.textsecuregcm.push.MessageSender;
 import org.whispersystems.textsecuregcm.push.ProvisioningManager;
+import org.whispersystems.textsecuregcm.push.PushLatencyManager;
+import org.whispersystems.textsecuregcm.push.PushNotificationManager;
 import org.whispersystems.textsecuregcm.push.ReceiptSender;
-import org.whispersystems.textsecuregcm.recaptcha.EnterpriseRecaptchaClient;
-import org.whispersystems.textsecuregcm.recaptcha.LegacyRecaptchaClient;
-import org.whispersystems.textsecuregcm.recaptcha.TransitionalRecaptchaClient;
+import org.whispersystems.textsecuregcm.captcha.RecaptchaClient;
 import org.whispersystems.textsecuregcm.redis.ConnectionEventLogger;
 import org.whispersystems.textsecuregcm.redis.FaultTolerantRedisCluster;
 import org.whispersystems.textsecuregcm.redis.ReplicatedJedisPool;
+import org.whispersystems.textsecuregcm.registration.RegistrationServiceClient;
 import org.whispersystems.textsecuregcm.s3.PolicySigner;
 import org.whispersystems.textsecuregcm.s3.PostPolicyGenerator;
 import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
-import org.whispersystems.textsecuregcm.sms.SmsSender;
-import org.whispersystems.textsecuregcm.sms.TwilioSmsSender;
-import org.whispersystems.textsecuregcm.sms.TwilioVerifyExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.sqs.DirectoryQueue;
-import org.whispersystems.textsecuregcm.storage.AbusiveHostRules;
 import org.whispersystems.textsecuregcm.storage.AccountCleaner;
 import org.whispersystems.textsecuregcm.storage.AccountDatabaseCrawler;
 import org.whispersystems.textsecuregcm.storage.AccountDatabaseCrawlerCache;
 import org.whispersystems.textsecuregcm.storage.AccountDatabaseCrawlerListener;
 import org.whispersystems.textsecuregcm.storage.Accounts;
 import org.whispersystems.textsecuregcm.storage.AccountsManager;
+import org.whispersystems.textsecuregcm.storage.ChangeNumberManager;
 import org.whispersystems.textsecuregcm.storage.ContactDiscoveryWriter;
 import org.whispersystems.textsecuregcm.storage.DeletedAccounts;
 import org.whispersystems.textsecuregcm.storage.DeletedAccountsDirectoryReconciler;
@@ -178,7 +181,6 @@ import org.whispersystems.textsecuregcm.storage.DeletedAccountsTableCrawler;
 import org.whispersystems.textsecuregcm.storage.DirectoryReconciler;
 import org.whispersystems.textsecuregcm.storage.DirectoryReconciliationClient;
 import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
-import org.whispersystems.textsecuregcm.storage.FaultTolerantDatabase;
 import org.whispersystems.textsecuregcm.storage.IssuedReceiptsManager;
 import org.whispersystems.textsecuregcm.storage.Keys;
 import org.whispersystems.textsecuregcm.storage.MessagePersister;
@@ -189,6 +191,7 @@ import org.whispersystems.textsecuregcm.storage.NonNormalizedAccountCrawlerListe
 import org.whispersystems.textsecuregcm.storage.PhoneNumberIdentifiers;
 import org.whispersystems.textsecuregcm.storage.Profiles;
 import org.whispersystems.textsecuregcm.storage.ProfilesManager;
+import org.whispersystems.textsecuregcm.storage.ProhibitedUsernames;
 import org.whispersystems.textsecuregcm.storage.PubSubManager;
 import org.whispersystems.textsecuregcm.storage.PushChallengeDynamoDb;
 import org.whispersystems.textsecuregcm.storage.PushFeedbackProcessor;
@@ -197,18 +200,18 @@ import org.whispersystems.textsecuregcm.storage.RemoteConfigs;
 import org.whispersystems.textsecuregcm.storage.RemoteConfigsManager;
 import org.whispersystems.textsecuregcm.storage.ReportMessageDynamoDb;
 import org.whispersystems.textsecuregcm.storage.ReportMessageManager;
-import org.whispersystems.textsecuregcm.storage.ReservedUsernames;
 import org.whispersystems.textsecuregcm.storage.StoredVerificationCodeManager;
 import org.whispersystems.textsecuregcm.storage.SubscriptionManager;
 import org.whispersystems.textsecuregcm.storage.VerificationCodeStore;
-import org.whispersystems.textsecuregcm.stripe.StripeManager;
+import org.whispersystems.textsecuregcm.subscriptions.BraintreeManager;
+import org.whispersystems.textsecuregcm.subscriptions.StripeManager;
 import org.whispersystems.textsecuregcm.util.Constants;
 import org.whispersystems.textsecuregcm.util.DynamoDbFromConfig;
 import org.whispersystems.textsecuregcm.util.HostnameUtil;
+import org.whispersystems.textsecuregcm.util.UsernameGenerator;
 import org.whispersystems.textsecuregcm.util.logging.LoggingUnhandledExceptionMapper;
 import org.whispersystems.textsecuregcm.util.logging.UncaughtExceptionHandler;
 import org.whispersystems.textsecuregcm.websocket.AuthenticatedConnectListener;
-import org.whispersystems.textsecuregcm.websocket.DeadLetterHandler;
 import org.whispersystems.textsecuregcm.websocket.ProvisioningConnectListener;
 import org.whispersystems.textsecuregcm.websocket.WebSocketAccountAuthenticator;
 import org.whispersystems.textsecuregcm.workers.AssignUsernameCommand;
@@ -223,6 +226,7 @@ import org.whispersystems.textsecuregcm.workers.SetUserDiscoverabilityCommand;
 import org.whispersystems.textsecuregcm.workers.ZkParamsCommand;
 import org.whispersystems.websocket.WebSocketResourceProviderFactory;
 import org.whispersystems.websocket.setup.WebSocketEnvironment;
+import reactor.core.scheduler.Schedulers;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.regions.Region;
@@ -244,13 +248,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     bootstrap.addCommand(new SetUserDiscoverabilityCommand());
     bootstrap.addCommand(new ReserveUsernameCommand());
     bootstrap.addCommand(new AssignUsernameCommand());
-
-    bootstrap.addBundle(new NameableMigrationsBundle<WhisperServerConfiguration>("abusedb", "abusedb.xml") {
-      @Override
-      public PooledDataSourceFactory getDataSourceFactory(WhisperServerConfiguration configuration) {
-        return configuration.getAbuseDatabaseConfiguration();
-      }
-    });
   }
 
   @Override
@@ -276,15 +273,16 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
           config.getDatadogConfiguration(), io.micrometer.core.instrument.Clock.SYSTEM);
 
       datadogMeterRegistry.config().commonTags(
-          Tags.of(
-              "service", "chat",
-              "host", HostnameUtil.getLocalHostname(),
-              "version", WhisperServerVersion.getServerVersion(),
-              "env", config.getDatadogConfiguration().getEnvironment()))
+              Tags.of(
+                  "service", "chat",
+                  "host", HostnameUtil.getLocalHostname(),
+                  "version", WhisperServerVersion.getServerVersion(),
+                  "env", config.getDatadogConfiguration().getEnvironment()))
           .meterFilter(MeterFilter.denyNameStartsWith(MetricsRequestEventListener.REQUEST_COUNTER_NAME))
           .meterFilter(MeterFilter.denyNameStartsWith(MetricsRequestEventListener.ANDROID_REQUEST_COUNTER_NAME))
           .meterFilter(MeterFilter.denyNameStartsWith(MetricsRequestEventListener.DESKTOP_REQUEST_COUNTER_NAME))
           .meterFilter(MeterFilter.denyNameStartsWith(MetricsRequestEventListener.IOS_REQUEST_COUNTER_NAME))
+          .meterFilter(new LettuceMetricsMeterFilter())
           .meterFilter(new MeterFilter() {
             @Override
             public DistributionStatisticConfig configure(final Id id, final DistributionStatisticConfig config) {
@@ -295,6 +293,8 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
       Metrics.addRegistry(datadogMeterRegistry);
     }
 
+    environment.lifecycle().manage(new MicrometerRegistryManager(Metrics.globalRegistry));
+
     environment.getObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
     environment.getObjectMapper().setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.NONE);
     environment.getObjectMapper().setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
@@ -306,12 +306,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     ResourceBundleLevelTranslator resourceBundleLevelTranslator = new ResourceBundleLevelTranslator(
         headerControlledResourceBundleLookup);
 
-    JdbiFactory jdbiFactory = new JdbiFactory(DefaultNameStrategy.CHECK_EMPTY);
-    Jdbi abuseJdbi = jdbiFactory.build(environment, config.getAbuseDatabaseConfiguration(), "abusedb");
-
-    FaultTolerantDatabase abuseDatabase = new FaultTolerantDatabase("abuse_database", abuseJdbi,
-        config.getAbuseDatabaseConfiguration().getCircuitBreakerConfiguration());
-
     DynamoDbAsyncClient dynamoDbAsyncClient = DynamoDbFromConfig.asyncClient(
         config.getDynamoDbClientConfiguration(),
         software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.create());
@@ -339,7 +333,16 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
             config.getAppConfig().getConfigurationName(),
             DynamicConfiguration.class);
 
-    Accounts accounts = new Accounts(dynamoDbClient,
+    BlockingQueue<Runnable> messageDeletionQueue = new LinkedBlockingQueue<>();
+    Metrics.gaugeCollectionSize(name(getClass(), "messageDeletionQueueSize"), Collections.emptyList(),
+        messageDeletionQueue);
+    ExecutorService messageDeletionAsyncExecutor = environment.lifecycle()
+        .executorService(name(getClass(), "messageDeletionAsyncExecutor-%d")).maxThreads(16)
+        .workQueue(messageDeletionQueue).build();
+
+    Accounts accounts = new Accounts(
+        dynamoDbClient,
+        dynamoDbAsyncClient,
         config.getDynamoDbTables().getAccounts().getTableName(),
         config.getDynamoDbTables().getAccounts().getPhoneNumberTableName(),
         config.getDynamoDbTables().getAccounts().getPhoneNumberIdentifierTableName(),
@@ -347,15 +350,15 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         config.getDynamoDbTables().getAccounts().getScanPageSize());
     PhoneNumberIdentifiers phoneNumberIdentifiers = new PhoneNumberIdentifiers(dynamoDbClient,
         config.getDynamoDbTables().getPhoneNumberIdentifiers().getTableName());
-    ReservedUsernames reservedUsernames = new ReservedUsernames(dynamoDbClient,
+    ProhibitedUsernames prohibitedUsernames = new ProhibitedUsernames(dynamoDbClient,
         config.getDynamoDbTables().getReservedUsernames().getTableName());
     Profiles profiles = new Profiles(dynamoDbClient, dynamoDbAsyncClient,
         config.getDynamoDbTables().getProfiles().getTableName());
     Keys keys = new Keys(dynamoDbClient, config.getDynamoDbTables().getKeys().getTableName());
-    MessagesDynamoDb messagesDynamoDb = new MessagesDynamoDb(dynamoDbClient,
+    MessagesDynamoDb messagesDynamoDb = new MessagesDynamoDb(dynamoDbClient, dynamoDbAsyncClient,
         config.getDynamoDbTables().getMessages().getTableName(),
-        config.getDynamoDbTables().getMessages().getExpiration());
-    AbusiveHostRules abusiveHostRules = new AbusiveHostRules(abuseDatabase);
+        config.getDynamoDbTables().getMessages().getExpiration(),
+        messageDeletionAsyncExecutor);
     RemoteConfigs remoteConfigs = new RemoteConfigs(dynamoDbClient,
         config.getDynamoDbTables().getRemoteConfig().getTableName());
     PushChallengeDynamoDb pushChallengeDynamoDb = new PushChallengeDynamoDb(dynamoDbClient,
@@ -368,10 +371,17 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     VerificationCodeStore pendingDevices = new VerificationCodeStore(dynamoDbClient,
         config.getDynamoDbTables().getPendingDevices().getTableName());
 
-    RedisClientFactory  pubSubClientFactory = new RedisClientFactory("pubsub_cache", config.getPubsubCacheConfiguration().getUrl(), config.getPubsubCacheConfiguration().getReplicaUrls(), config.getPubsubCacheConfiguration().getCircuitBreakerConfiguration());
-    ReplicatedJedisPool pubsubClient        = pubSubClientFactory.getRedisClientPool();
+    reactor.util.Metrics.MicrometerConfiguration.useRegistry(Metrics.globalRegistry);
+    Schedulers.enableMetrics();
 
-    ClientResources redisClientResources = ClientResources.builder().build();
+    RedisClientFactory pubSubClientFactory = new RedisClientFactory("pubsub_cache",
+        config.getPubsubCacheConfiguration().getUrl(), config.getPubsubCacheConfiguration().getReplicaUrls(),
+        config.getPubsubCacheConfiguration().getCircuitBreakerConfiguration());
+    ReplicatedJedisPool pubsubClient = pubSubClientFactory.getRedisClientPool();
+
+    MicrometerOptions options = MicrometerOptions.builder().build();
+    ClientResources redisClientResources = ClientResources.builder()
+        .commandLatencyRecorder(new MicrometerCommandLatencyRecorder(Metrics.globalRegistry, options)).build();
     ConnectionEventLogger.logConnectionEvents(redisClientResources);
 
     FaultTolerantRedisCluster cacheCluster             = new FaultTolerantRedisCluster("main_cache_cluster", config.getCacheClusterConfiguration(), redisClientResources);
@@ -381,71 +391,115 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     FaultTolerantRedisCluster pushSchedulerCluster     = new FaultTolerantRedisCluster("push_scheduler", config.getPushSchedulerCluster(), redisClientResources);
     FaultTolerantRedisCluster rateLimitersCluster      = new FaultTolerantRedisCluster("rate_limiters", config.getRateLimitersCluster(), redisClientResources);
 
-    BlockingQueue<Runnable> keyspaceNotificationDispatchQueue = new ArrayBlockingQueue<>(10_000);
+    final BlockingQueue<Runnable> keyspaceNotificationDispatchQueue = new ArrayBlockingQueue<>(100_000);
     Metrics.gaugeCollectionSize(name(getClass(), "keyspaceNotificationDispatchQueueSize"), Collections.emptyList(), keyspaceNotificationDispatchQueue);
+    final BlockingQueue<Runnable> receiptSenderQueue = new LinkedBlockingQueue<>();
+    Metrics.gaugeCollectionSize(name(getClass(), "receiptSenderQueue"), Collections.emptyList(), receiptSenderQueue);
+
+    final BlockingQueue<Runnable> fcmSenderQueue = new LinkedBlockingQueue<>();
+    Metrics.gaugeCollectionSize(name(getClass(), "fcmSenderQueue"), Collections.emptyList(), fcmSenderQueue);
 
     ScheduledExecutorService recurringJobExecutor = environment.lifecycle()
         .scheduledExecutorService(name(getClass(), "recurringJob-%d")).threads(6).build();
-    ScheduledExecutorService retrySchedulingExecutor              = environment.lifecycle().scheduledExecutorService(name(getClass(), "retry-%d")).threads(2).build();
+    ScheduledExecutorService websocketScheduledExecutor           = environment.lifecycle().scheduledExecutorService(name(getClass(), "websocket-%d")).threads(8).build();
     ExecutorService          keyspaceNotificationDispatchExecutor = environment.lifecycle().executorService(name(getClass(), "keyspaceNotification-%d")).maxThreads(16).workQueue(keyspaceNotificationDispatchQueue).build();
     ExecutorService          apnSenderExecutor                    = environment.lifecycle().executorService(name(getClass(), "apnSender-%d")).maxThreads(1).minThreads(1).build();
-    ExecutorService          gcmSenderExecutor                    = environment.lifecycle().executorService(name(getClass(), "gcmSender-%d")).maxThreads(1).minThreads(1).build();
+    ExecutorService          fcmSenderExecutor                    = environment.lifecycle().executorService(name(getClass(), "fcmSender-%d")).maxThreads(32).minThreads(32).workQueue(fcmSenderQueue).build();
     ExecutorService          backupServiceExecutor                = environment.lifecycle().executorService(name(getClass(), "backupService-%d")).maxThreads(1).minThreads(1).build();
     ExecutorService          storageServiceExecutor               = environment.lifecycle().executorService(name(getClass(), "storageService-%d")).maxThreads(1).minThreads(1).build();
+    ExecutorService          accountDeletionExecutor              = environment.lifecycle().executorService(name(getClass(), "accountCleaner-%d")).maxThreads(16).minThreads(16).build();
+
+    // TODO: generally speaking this is a DynamoDB I/O executor for the accounts table; we should eventually have a general executor for speaking to the accounts table, but most of the server is still synchronous so this isn't widely useful yet
+    ExecutorService batchIdentityCheckExecutor = environment.lifecycle().executorService(name(getClass(), "batchIdentityCheck-%d")).minThreads(32).maxThreads(32).build();
     ExecutorService multiRecipientMessageExecutor = environment.lifecycle()
         .executorService(name(getClass(), "multiRecipientMessage-%d")).minThreads(64).maxThreads(64).build();
-    ExecutorService stripeExecutor = environment.lifecycle().executorService(name(getClass(), "stripe-%d")).
-        maxThreads(availableProcessors).  // mostly this is IO bound so tying to number of processors is tenuous at best
-        minThreads(availableProcessors).  // mostly this is IO bound so tying to number of processors is tenuous at best
-        allowCoreThreadTimeOut(true).
+    ExecutorService subscriptionProcessorExecutor = environment.lifecycle()
+        .executorService(name(getClass(), "subscriptionProcessor-%d"))
+        .maxThreads(availableProcessors)  // mostly this is IO bound so tying to number of processors is tenuous at best
+        .minThreads(availableProcessors)  // mostly this is IO bound so tying to number of processors is tenuous at best
+        .allowCoreThreadTimeOut(true).
         build();
+    ExecutorService receiptSenderExecutor = environment.lifecycle()
+        .executorService(name(getClass(), "receiptSender-%d"))
+        .maxThreads(2)
+        .minThreads(2)
+        .workQueue(receiptSenderQueue)
+        .rejectedExecutionHandler(new ThreadPoolExecutor.CallerRunsPolicy())
+        .build();
+    ExecutorService registrationCallbackExecutor = environment.lifecycle()
+        .executorService(name(getClass(), "registration-%d"))
+        .maxThreads(2)
+        .minThreads(2)
+        .build();
 
-    StripeManager stripeManager = new StripeManager(config.getStripe().getApiKey(), stripeExecutor,
-        config.getStripe().getIdempotencyKeyGenerator(), config.getStripe().getBoostDescription());
+    final AdminEventLogger adminEventLogger = new GoogleCloudAdminEventLogger(
+        LoggingOptions.newBuilder().setProjectId(config.getAdminEventLoggingConfiguration().projectId())
+            .setCredentials(GoogleCredentials.fromStream(new ByteArrayInputStream(
+                config.getAdminEventLoggingConfiguration().credentials().getBytes(StandardCharsets.UTF_8))))
+            .build().getService(),
+        config.getAdminEventLoggingConfiguration().projectId(),
+        config.getAdminEventLoggingConfiguration().logName());
+
+    StripeManager stripeManager = new StripeManager(config.getStripe().apiKey(), subscriptionProcessorExecutor,
+        config.getStripe().idempotencyKeyGenerator(), config.getStripe().boostDescription(), config.getStripe()
+        .supportedCurrencies());
+    BraintreeManager braintreeManager = new BraintreeManager(config.getBraintree().merchantId(),
+        config.getBraintree().publicKey(), config.getBraintree().privateKey(), config.getBraintree().environment(),
+        config.getBraintree().supportedCurrencies(), config.getBraintree().merchantAccounts(),
+        config.getBraintree().graphqlUrl(), config.getBraintree().circuitBreaker(), subscriptionProcessorExecutor);
 
     ExternalServiceCredentialGenerator directoryCredentialsGenerator = new ExternalServiceCredentialGenerator(
         config.getDirectoryConfiguration().getDirectoryClientConfiguration().getUserAuthenticationTokenSharedSecret(),
         config.getDirectoryConfiguration().getDirectoryClientConfiguration().getUserAuthenticationTokenUserIdSecret());
     ExternalServiceCredentialGenerator directoryV2CredentialsGenerator = new ExternalServiceCredentialGenerator(
-        config.getDirectoryV2Configuration().getDirectoryV2ClientConfiguration()
-            .getUserAuthenticationTokenSharedSecret(), false);
+        config.getDirectoryV2Configuration().getDirectoryV2ClientConfiguration().getUserAuthenticationTokenSharedSecret(),
+        config.getDirectoryV2Configuration().getDirectoryV2ClientConfiguration().getUserIdTokenSharedSecret(),
+        true, false);
 
     dynamicConfigurationManager.start();
 
     ExperimentEnrollmentManager experimentEnrollmentManager = new ExperimentEnrollmentManager(dynamicConfigurationManager);
 
-    TwilioVerifyExperimentEnrollmentManager verifyExperimentEnrollmentManager = new TwilioVerifyExperimentEnrollmentManager(
-        config.getVoiceVerificationConfiguration(), experimentEnrollmentManager);
-
     ExternalServiceCredentialGenerator storageCredentialsGenerator = new ExternalServiceCredentialGenerator(
         config.getSecureStorageServiceConfiguration().getUserAuthenticationTokenSharedSecret(), true);
     ExternalServiceCredentialGenerator backupCredentialsGenerator = new ExternalServiceCredentialGenerator(
         config.getSecureBackupServiceConfiguration().getUserAuthenticationTokenSharedSecret(), true);
     ExternalServiceCredentialGenerator paymentsCredentialsGenerator = new ExternalServiceCredentialGenerator(
         config.getPaymentsServiceConfiguration().getUserAuthenticationTokenSharedSecret(), true);
+    ExternalServiceCredentialGenerator artCredentialsGenerator = new ExternalServiceCredentialGenerator(
+        config.getArtServiceConfiguration().getUserAuthenticationTokenSharedSecret(),
+        config.getArtServiceConfiguration().getUserAuthenticationTokenUserIdSecret(),
+        true, false, false);
 
+    RegistrationServiceClient  registrationServiceClient  = new RegistrationServiceClient(config.getRegistrationServiceConfiguration().getHost(), config.getRegistrationServiceConfiguration().getPort(), config.getRegistrationServiceConfiguration().getApiKey(), config.getRegistrationServiceConfiguration().getRegistrationCaCertificate(), registrationCallbackExecutor);
     SecureBackupClient         secureBackupClient         = new SecureBackupClient(backupCredentialsGenerator, backupServiceExecutor, config.getSecureBackupServiceConfiguration());
     SecureStorageClient        secureStorageClient        = new SecureStorageClient(storageCredentialsGenerator, storageServiceExecutor, config.getSecureStorageServiceConfiguration());
     ClientPresenceManager      clientPresenceManager      = new ClientPresenceManager(clientPresenceCluster, recurringJobExecutor, keyspaceNotificationDispatchExecutor);
     DirectoryQueue             directoryQueue             = new DirectoryQueue(config.getDirectoryConfiguration().getSqsConfiguration());
     StoredVerificationCodeManager pendingAccountsManager  = new StoredVerificationCodeManager(pendingAccounts);
     StoredVerificationCodeManager pendingDevicesManager   = new StoredVerificationCodeManager(pendingDevices);
-    ProfilesManager            profilesManager            = new ProfilesManager(profiles, cacheCluster);
-    MessagesCache              messagesCache              = new MessagesCache(messagesCluster, messagesCluster, keyspaceNotificationDispatchExecutor);
-    PushLatencyManager         pushLatencyManager         = new PushLatencyManager(metricsCluster, dynamicConfigurationManager);
-    ReportMessageManager       reportMessageManager       = new ReportMessageManager(reportMessageDynamoDb, rateLimitersCluster, Metrics.globalRegistry, config.getReportMessageConfiguration().getCounterTtl());
-    MessagesManager            messagesManager            = new MessagesManager(messagesDynamoDb, messagesCache, pushLatencyManager, reportMessageManager);
+    ProfilesManager profilesManager = new ProfilesManager(profiles, cacheCluster);
+    MessagesCache messagesCache = new MessagesCache(messagesCluster, messagesCluster, Clock.systemUTC(),
+        keyspaceNotificationDispatchExecutor, messageDeletionAsyncExecutor);
+    PushLatencyManager pushLatencyManager = new PushLatencyManager(metricsCluster, dynamicConfigurationManager);
+    ReportMessageManager reportMessageManager = new ReportMessageManager(reportMessageDynamoDb, rateLimitersCluster,
+        config.getReportMessageConfiguration().getCounterTtl());
+    MessagesManager messagesManager = new MessagesManager(messagesDynamoDb, messagesCache, reportMessageManager,
+        messageDeletionAsyncExecutor);
+    UsernameGenerator usernameGenerator = new UsernameGenerator(config.getUsername());
     DeletedAccountsManager deletedAccountsManager = new DeletedAccountsManager(deletedAccounts,
-        deletedAccountsLockDynamoDbClient, config.getDynamoDbTables().getDeletedAccounts().getTableName());
+        deletedAccountsLockDynamoDbClient, config.getDynamoDbTables().getDeletedAccountsLock().getTableName());
     AccountsManager accountsManager = new AccountsManager(accounts, phoneNumberIdentifiers, cacheCluster,
-        deletedAccountsManager, directoryQueue, keys, messagesManager, reservedUsernames, profilesManager,
-        pendingAccountsManager, secureStorageClient, secureBackupClient, clientPresenceManager, clock);
+        deletedAccountsManager, directoryQueue, keys, messagesManager, prohibitedUsernames, profilesManager,
+        pendingAccountsManager, secureStorageClient, secureBackupClient, clientPresenceManager, usernameGenerator,
+        experimentEnrollmentManager, clock);
     RemoteConfigsManager       remoteConfigsManager       = new RemoteConfigsManager(remoteConfigs);
-    DeadLetterHandler          deadLetterHandler          = new DeadLetterHandler(accountsManager, messagesManager);
-    DispatchManager            dispatchManager            = new DispatchManager(pubSubClientFactory, Optional.of(deadLetterHandler));
+    DispatchManager            dispatchManager            = new DispatchManager(pubSubClientFactory, Optional.empty());
     PubSubManager              pubSubManager              = new PubSubManager(pubsubClient, dispatchManager);
-    APNSender                  apnSender                  = new APNSender(apnSenderExecutor, accountsManager, config.getApnConfiguration());
-    GCMSender                  gcmSender                  = new GCMSender(gcmSenderExecutor, accountsManager, config.getGcmConfiguration().getApiKey());
+    APNSender                  apnSender                  = new APNSender(apnSenderExecutor, config.getApnConfiguration());
+    FcmSender                  fcmSender                  = new FcmSender(fcmSenderExecutor, config.getFcmConfiguration().credentials());
+    ApnPushNotificationScheduler apnPushNotificationScheduler = new ApnPushNotificationScheduler(pushSchedulerCluster, apnSender, accountsManager);
+    PushNotificationManager    pushNotificationManager    = new PushNotificationManager(accountsManager, apnSender, fcmSender, apnPushNotificationScheduler, pushLatencyManager, dynamicConfigurationManager);
     RateLimiters               rateLimiters               = new RateLimiters(config.getLimitsConfiguration(), rateLimitersCluster);
     DynamicRateLimiters        dynamicRateLimiters        = new DynamicRateLimiters(rateLimitersCluster, dynamicConfigurationManager);
     ProvisioningManager        provisioningManager        = new ProvisioningManager(pubSubManager);
@@ -462,29 +516,30 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     SubscriptionManager subscriptionManager = new SubscriptionManager(
         config.getDynamoDbTables().getSubscriptions().getTableName(), dynamoDbAsyncClient);
 
+    ReportedMessageMetricsListener reportedMessageMetricsListener = new ReportedMessageMetricsListener(accountsManager);
+    reportMessageManager.addListener(reportedMessageMetricsListener);
+
     AccountAuthenticator                  accountAuthenticator                  = new AccountAuthenticator(accountsManager);
     DisabledPermittedAccountAuthenticator disabledPermittedAccountAuthenticator = new DisabledPermittedAccountAuthenticator(accountsManager);
 
-    ApnFallbackManager       apnFallbackManager = new ApnFallbackManager(pushSchedulerCluster, apnSender, accountsManager);
-    TwilioSmsSender          twilioSmsSender    = new TwilioSmsSender(config.getTwilioConfiguration(), dynamicConfigurationManager);
-    SmsSender                smsSender          = new SmsSender(twilioSmsSender);
-    MessageSender            messageSender      = new MessageSender(apnFallbackManager, clientPresenceManager, messagesManager, gcmSender, apnSender, pushLatencyManager);
-    ReceiptSender            receiptSender      = new ReceiptSender(accountsManager, messageSender);
-    TurnTokenGenerator       turnTokenGenerator = new TurnTokenGenerator(config.getTurnConfiguration());
-    LegacyRecaptchaClient legacyRecaptchaClient = new LegacyRecaptchaClient(config.getRecaptchaConfiguration().getSecret());
-    EnterpriseRecaptchaClient enterpriseRecaptchaClient = new EnterpriseRecaptchaClient(
-        config.getRecaptchaV2Configuration().getScoreFloor().doubleValue(),
-        config.getRecaptchaV2Configuration().getSiteKey(),
-        config.getRecaptchaV2Configuration().getProjectPath(),
-        config.getRecaptchaV2Configuration().getCredentialConfigurationJson());
-    TransitionalRecaptchaClient transitionalRecaptchaClient = new TransitionalRecaptchaClient(legacyRecaptchaClient, enterpriseRecaptchaClient);
-    PushChallengeManager     pushChallengeManager = new PushChallengeManager(apnSender, gcmSender, pushChallengeDynamoDb);
+    MessageSender            messageSender      = new MessageSender(clientPresenceManager, messagesManager, pushNotificationManager, pushLatencyManager);
+    ReceiptSender            receiptSender      = new ReceiptSender(accountsManager, messageSender, receiptSenderExecutor);
+    TurnTokenGenerator       turnTokenGenerator = new TurnTokenGenerator(dynamicConfigurationManager);
+
+    RecaptchaClient recaptchaClient = new RecaptchaClient(
+        config.getRecaptchaConfiguration().getProjectPath(),
+        config.getRecaptchaConfiguration().getCredentialConfigurationJson(),
+        dynamicConfigurationManager);
+    HttpClient hcaptchaHttpClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_2).connectTimeout(Duration.ofSeconds(10)).build();
+    HCaptchaClient hCaptchaClient = new HCaptchaClient(config.getHCaptchaConfiguration().apiKey(), hcaptchaHttpClient, dynamicConfigurationManager);
+    CaptchaChecker captchaChecker = new CaptchaChecker(List.of(recaptchaClient, hCaptchaClient));
+
+    PushChallengeManager pushChallengeManager = new PushChallengeManager(pushNotificationManager, pushChallengeDynamoDb);
     RateLimitChallengeManager rateLimitChallengeManager = new RateLimitChallengeManager(pushChallengeManager,
-        transitionalRecaptchaClient, dynamicRateLimiters);
-    RateLimitChallengeOptionManager rateLimitChallengeOptionManager =
-        new RateLimitChallengeOptionManager(dynamicRateLimiters, dynamicConfigurationManager);
+        captchaChecker, dynamicRateLimiters);
 
     MessagePersister messagePersister = new MessagePersister(messagesCache, messagesManager, accountsManager, dynamicConfigurationManager, Duration.ofMinutes(config.getMessageCacheConfiguration().getPersistDelayMinutes()));
+    ChangeNumberManager changeNumberManager = new ChangeNumberManager(messageSender, accountsManager);
 
     final List<AccountDatabaseCrawlerListener> directoryReconciliationAccountDatabaseCrawlerListeners = new ArrayList<>();
     final List<DeletedAccountsDirectoryReconciler> deletedAccountsDirectoryReconcilers = new ArrayList<>();
@@ -513,15 +568,21 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         config.getAccountDatabaseCrawlerConfiguration().getChunkIntervalMs()
     );
 
+    AccountDatabaseCrawlerCache accountCleanerAccountDatabaseCrawlerCache =
+        new AccountDatabaseCrawlerCache(cacheCluster, AccountDatabaseCrawlerCache.ACCOUNT_CLEANER_PREFIX);
+    AccountDatabaseCrawler accountCleanerAccountDatabaseCrawler = new AccountDatabaseCrawler("Account cleaner crawler",
+        accountsManager,
+        accountCleanerAccountDatabaseCrawlerCache, List.of(new AccountCleaner(accountsManager, accountDeletionExecutor)),
+        config.getAccountDatabaseCrawlerConfiguration().getChunkSize(),
+        config.getAccountDatabaseCrawlerConfiguration().getChunkIntervalMs()
+    );
+
     // TODO listeners must be ordered so that ones that directly update accounts come last, so that read-only ones are not working with stale data
     final List<AccountDatabaseCrawlerListener> accountDatabaseCrawlerListeners = List.of(
         new NonNormalizedAccountCrawlerListener(accountsManager, metricsCluster),
         new ContactDiscoveryWriter(accountsManager),
         // PushFeedbackProcessor may update device properties
-        new PushFeedbackProcessor(accountsManager),
-        // delete accounts last
-        new AccountCleaner(accountsManager)
-    );
+        new PushFeedbackProcessor(accountsManager));
 
     AccountDatabaseCrawlerCache accountDatabaseCrawlerCache = new AccountDatabaseCrawlerCache(cacheCluster,
         AccountDatabaseCrawlerCache.GENERAL_PURPOSE_PREFIX);
@@ -534,24 +595,25 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
 
     DeletedAccountsTableCrawler deletedAccountsTableCrawler = new DeletedAccountsTableCrawler(deletedAccountsManager, deletedAccountsDirectoryReconcilers, cacheCluster, recurringJobExecutor);
 
-    HttpClient                currencyClient  = HttpClient.newBuilder().version(HttpClient.Version.HTTP_2).connectTimeout(Duration.ofSeconds(10)).build();
-    FixerClient               fixerClient     = new FixerClient(currencyClient, config.getPaymentsServiceConfiguration().getFixerApiKey());
-    FtxClient                 ftxClient       = new FtxClient(currencyClient);
-    CurrencyConversionManager currencyManager = new CurrencyConversionManager(fixerClient, ftxClient, config.getPaymentsServiceConfiguration().getPaymentCurrencies());
+    HttpClient currencyClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_2).connectTimeout(Duration.ofSeconds(10)).build();
+    FixerClient fixerClient = new FixerClient(currencyClient, config.getPaymentsServiceConfiguration().getFixerApiKey());
+    CoinMarketCapClient coinMarketCapClient = new CoinMarketCapClient(currencyClient, config.getPaymentsServiceConfiguration().getCoinMarketCapApiKey(), config.getPaymentsServiceConfiguration().getCoinMarketCapCurrencyIds());
+    CurrencyConversionManager currencyManager = new CurrencyConversionManager(fixerClient, coinMarketCapClient,
+        cacheCluster, config.getPaymentsServiceConfiguration().getPaymentCurrencies(), Clock.systemUTC());
 
-    apnSender.setApnFallbackManager(apnFallbackManager);
-    environment.lifecycle().manage(new ApplicationShutdownMonitor());
-    environment.lifecycle().manage(apnFallbackManager);
+    environment.lifecycle().manage(apnSender);
+    environment.lifecycle().manage(apnPushNotificationScheduler);
     environment.lifecycle().manage(pubSubManager);
-    environment.lifecycle().manage(messageSender);
     environment.lifecycle().manage(accountDatabaseCrawler);
     environment.lifecycle().manage(directoryReconciliationAccountDatabaseCrawler);
+    environment.lifecycle().manage(accountCleanerAccountDatabaseCrawler);
     environment.lifecycle().manage(deletedAccountsTableCrawler);
     environment.lifecycle().manage(messagesCache);
     environment.lifecycle().manage(messagePersister);
     environment.lifecycle().manage(clientPresenceManager);
     environment.lifecycle().manage(currencyManager);
     environment.lifecycle().manage(directoryQueue);
+    environment.lifecycle().manage(registrationServiceClient);
 
     StaticCredentialsProvider cdnCredentialsProvider = StaticCredentialsProvider
         .create(AwsBasicCredentials.create(
@@ -580,12 +642,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         .addFilter("RemoteDeprecationFilter", new RemoteDeprecationFilter(dynamicConfigurationManager))
         .addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");
 
-    // TODO Remove on or after 2022-03-01
-    final AcceptNumericOnlineFlagRequestFilter acceptNumericOnlineFlagRequestFilter =
-        new AcceptNumericOnlineFlagRequestFilter("v1/messages/multi_recipient");
-
-    environment.jersey().register(new ContentLengthFilter(TrafficSource.HTTP));
-    environment.jersey().register(acceptNumericOnlineFlagRequestFilter);
+    environment.jersey().register(new RequestStatisticsFilter(TrafficSource.HTTP));
     environment.jersey().register(MultiRecipientMessageProvider.class);
     environment.jersey().register(new MetricsApplicationEventListener(TrafficSource.HTTP));
     environment.jersey()
@@ -603,49 +660,53 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         config.getWebSocketConfiguration(), 90000);
     webSocketEnvironment.setAuthenticator(new WebSocketAccountAuthenticator(accountAuthenticator));
     webSocketEnvironment.setConnectListener(
-        new AuthenticatedConnectListener(receiptSender, messagesManager, messageSender, apnFallbackManager,
-            clientPresenceManager, retrySchedulingExecutor));
-    webSocketEnvironment.jersey().register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
-    webSocketEnvironment.jersey().register(new ContentLengthFilter(TrafficSource.WEBSOCKET));
-    webSocketEnvironment.jersey().register(acceptNumericOnlineFlagRequestFilter);
+        new AuthenticatedConnectListener(receiptSender, messagesManager, pushNotificationManager,
+            clientPresenceManager, websocketScheduledExecutor));
+    webSocketEnvironment.jersey()
+        .register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
+    webSocketEnvironment.jersey().register(new RequestStatisticsFilter(TrafficSource.WEBSOCKET));
     webSocketEnvironment.jersey().register(MultiRecipientMessageProvider.class);
     webSocketEnvironment.jersey().register(new MetricsApplicationEventListener(TrafficSource.WEBSOCKET));
     webSocketEnvironment.jersey().register(new KeepAliveController(clientPresenceManager));
 
     // these should be common, but use @Auth DisabledPermittedAccount, which isn’t supported yet on websocket
     environment.jersey().register(
-        new AccountController(pendingAccountsManager, accountsManager, abusiveHostRules, rateLimiters,
-            smsSender, dynamicConfigurationManager, turnTokenGenerator, config.getTestDevices(),
-            transitionalRecaptchaClient, gcmSender, apnSender, backupCredentialsGenerator,
-            verifyExperimentEnrollmentManager));
+        new AccountController(pendingAccountsManager, accountsManager, rateLimiters,
+            registrationServiceClient, dynamicConfigurationManager, turnTokenGenerator, config.getTestDevices(),
+            captchaChecker, pushNotificationManager, changeNumberManager, backupCredentialsGenerator,
+            clientPresenceManager, clock));
+
     environment.jersey().register(new KeysController(rateLimiters, keys, accountsManager));
 
     final List<Object> commonControllers = Lists.newArrayList(
-        new AttachmentControllerV1(rateLimiters, config.getAwsAttachmentsConfiguration().getAccessKey(), config.getAwsAttachmentsConfiguration().getAccessSecret(), config.getAwsAttachmentsConfiguration().getBucket()),
+        new ArtController(rateLimiters, artCredentialsGenerator),
         new AttachmentControllerV2(rateLimiters, config.getAwsAttachmentsConfiguration().getAccessKey(), config.getAwsAttachmentsConfiguration().getAccessSecret(), config.getAwsAttachmentsConfiguration().getRegion(), config.getAwsAttachmentsConfiguration().getBucket()),
         new AttachmentControllerV3(rateLimiters, config.getGcpAttachmentsConfiguration().getDomain(), config.getGcpAttachmentsConfiguration().getEmail(), config.getGcpAttachmentsConfiguration().getMaxSizeInBytes(), config.getGcpAttachmentsConfiguration().getPathPrefix(), config.getGcpAttachmentsConfiguration().getRsaSigningKey()),
-        new CertificateController(new CertificateGenerator(config.getDeliveryCertificate().getCertificate(), config.getDeliveryCertificate().getPrivateKey(), config.getDeliveryCertificate().getExpiresDays()), zkAuthOperations),
+        new CertificateController(new CertificateGenerator(config.getDeliveryCertificate().getCertificate(), config.getDeliveryCertificate().getPrivateKey(), config.getDeliveryCertificate().getExpiresDays()), zkAuthOperations, clock),
         new ChallengeController(rateLimitChallengeManager),
         new DeviceController(pendingDevicesManager, accountsManager, messagesManager, keys, rateLimiters, config.getMaxDevices()),
         new DirectoryController(directoryCredentialsGenerator),
         new DirectoryV2Controller(directoryV2CredentialsGenerator),
         new DonationController(clock, zkReceiptOperations, redeemedReceiptsManager, accountsManager, config.getBadges(),
-            ReceiptCredentialPresentation::new, stripeExecutor, config.getDonationConfiguration(), config.getStripe()),
-        new MessageController(rateLimiters, messageSender, receiptSender, accountsManager, messagesManager, apnFallbackManager,
-            reportMessageManager, multiRecipientMessageExecutor),
+            ReceiptCredentialPresentation::new),
+        new MessageController(rateLimiters, messageSender, receiptSender, accountsManager, deletedAccountsManager, messagesManager, pushNotificationManager, reportMessageManager, multiRecipientMessageExecutor),
         new PaymentsController(currencyManager, paymentsCredentialsGenerator),
-        new ProfileController(clock, rateLimiters, accountsManager, profilesManager, dynamicConfigurationManager, profileBadgeConverter, config.getBadges(), cdnS3Client, profileCdnPolicyGenerator, profileCdnPolicySigner, config.getCdnConfiguration().getBucket(), zkProfileOperations),
+        new ProfileController(clock, rateLimiters, accountsManager, profilesManager, dynamicConfigurationManager,
+            profileBadgeConverter, config.getBadges(), cdnS3Client, profileCdnPolicyGenerator, profileCdnPolicySigner,
+            config.getCdnConfiguration().getBucket(), zkProfileOperations, batchIdentityCheckExecutor),
         new ProvisioningController(rateLimiters, provisioningManager),
-        new RemoteConfigController(remoteConfigsManager, config.getRemoteConfigConfiguration().getAuthorizedTokens(), config.getRemoteConfigConfiguration().getGlobalConfig()),
+        new RemoteConfigController(remoteConfigsManager, adminEventLogger,
+            config.getRemoteConfigConfiguration().getAuthorizedTokens(),
+            config.getRemoteConfigConfiguration().getGlobalConfig()),
         new SecureBackupController(backupCredentialsGenerator),
         new SecureStorageController(storageCredentialsGenerator),
         new StickerController(rateLimiters, config.getCdnConfiguration().getAccessKey(),
             config.getCdnConfiguration().getAccessSecret(), config.getCdnConfiguration().getRegion(),
             config.getCdnConfiguration().getBucket())
     );
-    if (config.getSubscription() != null && config.getBoost() != null) {
-      commonControllers.add(new SubscriptionController(clock, config.getSubscription(), config.getBoost(),
-          subscriptionManager, stripeManager, zkReceiptOperations, issuedReceiptsManager, profileBadgeConverter,
+    if (config.getSubscription() != null && config.getOneTimeDonations() != null) {
+      commonControllers.add(new SubscriptionController(clock, config.getSubscription(), config.getOneTimeDonations(),
+          subscriptionManager, stripeManager, braintreeManager, zkReceiptOperations, issuedReceiptsManager, profileBadgeConverter,
           resourceBundleLevelTranslator));
     }
 
@@ -695,13 +756,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     registerCorsFilter(environment);
     registerExceptionMappers(environment, webSocketEnvironment, provisioningEnvironment);
 
-    RateLimitChallengeExceptionMapper rateLimitChallengeExceptionMapper =
-        new RateLimitChallengeExceptionMapper(rateLimitChallengeOptionManager);
-
-    environment.jersey().register(rateLimitChallengeExceptionMapper);
-    webSocketEnvironment.jersey().register(rateLimitChallengeExceptionMapper);
-    provisioningEnvironment.jersey().register(rateLimitChallengeExceptionMapper);
-
     environment.jersey().property(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE);
     webSocketEnvironment.jersey().property(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE);
     provisioningEnvironment.jersey().property(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE);
@@ -725,6 +779,8 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
 
     environment.healthChecks().register("cacheCluster", new RedisClusterHealthCheck(cacheCluster));
 
+    environment.lifecycle().manage(new ApplicationShutdownMonitor(Metrics.globalRegistry));
+
     environment.metrics().register(name(CpuUsageGauge.class, "cpu"), new CpuUsageGauge(3, TimeUnit.SECONDS));
     environment.metrics().register(name(FreeMemoryGauge.class, "free_memory"), new FreeMemoryGauge());
     environment.metrics().register(name(NetworkSentGauge.class, "bytes_sent"), new NetworkSentGauge());
@@ -751,7 +807,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         new RateLimitExceededExceptionMapper(),
         new InvalidWebsocketAddressExceptionMapper(),
         new DeviceLimitExceededExceptionMapper(),
-        new RetryLaterExceptionMapper(),
         new ServerRejectedExceptionMapper(),
         new ImpossiblePhoneNumberExceptionMapper(),
         new NonNormalizedPhoneNumberExceptionMapper()

service/src/main/java/org/whispersystems/textsecuregcm/auth/AccountAuthenticator.java

@@ -7,32 +7,19 @@ package org.whispersystems.textsecuregcm.auth;
 import io.dropwizard.auth.Authenticator;
 import io.dropwizard.auth.basic.BasicCredentials;
 import java.util.Optional;
-import io.micrometer.core.instrument.Metrics;
+import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.storage.AccountsManager;
 
-import static com.codahale.metrics.MetricRegistry.name;
-
 public class AccountAuthenticator extends BaseAccountAuthenticator implements
     Authenticator<BasicCredentials, AuthenticatedAccount> {
 
-  private static final String AUTHENTICATION_COUNTER_NAME = name(AccountAuthenticator.class, "authenticate");
-
   public AccountAuthenticator(AccountsManager accountsManager) {
     super(accountsManager);
   }
 
   @Override
   public Optional<AuthenticatedAccount> authenticate(BasicCredentials basicCredentials) {
-    final Optional<AuthenticatedAccount> maybeAuthenticatedAccount = super.authenticate(basicCredentials, true);
-
-    // TODO Remove after announcement groups have launched
-    maybeAuthenticatedAccount.ifPresent(authenticatedAccount ->
-        Metrics.counter(AUTHENTICATION_COUNTER_NAME,
-            "supportsAnnouncementGroups",
-            String.valueOf(authenticatedAccount.getAccount().isAnnouncementGroupSupported()))
-            .increment());
-
-    return maybeAuthenticatedAccount;
+    return super.authenticate(basicCredentials, true);
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthenticationCredentials.java

@@ -4,7 +4,10 @@
  */
 package org.whispersystems.textsecuregcm.auth;
 
+import com.google.common.annotations.VisibleForTesting;
 import org.apache.commons.codec.binary.Hex;
+import org.signal.libsignal.protocol.kdf.HKDF;
+import org.whispersystems.textsecuregcm.util.Util;
 
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
@@ -12,18 +15,39 @@ import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 
 public class AuthenticationCredentials {
+  private static final String V2_PREFIX = "2.";
 
   private final String hashedAuthenticationToken;
   private final String salt;
 
+  public enum Version {
+    V1,
+    V2,
+  }
+
+  public static final Version CURRENT_VERSION = Version.V2;
+
   public AuthenticationCredentials(String hashedAuthenticationToken, String salt) {
     this.hashedAuthenticationToken = hashedAuthenticationToken;
     this.salt                      = salt;
   }
 
   public AuthenticationCredentials(String authenticationToken) {
-    this.salt                      = String.valueOf(Math.abs(new SecureRandom().nextInt()));
-    this.hashedAuthenticationToken = getHashedValue(salt, authenticationToken);
+    this.salt = String.valueOf(Util.ensureNonNegativeInt(new SecureRandom().nextInt()));
+    this.hashedAuthenticationToken = getV2HashedValue(salt, authenticationToken);
+  }
+
+  @VisibleForTesting
+  public AuthenticationCredentials v1ForTesting(String authenticationToken) {
+    String salt = String.valueOf(Util.ensureNonNegativeInt(new SecureRandom().nextInt()));
+    return new AuthenticationCredentials(getV1HashedValue(salt, authenticationToken), salt);
+  }
+
+  public Version getVersion() {
+    if (this.hashedAuthenticationToken.startsWith(V2_PREFIX)) {
+      return Version.V2;
+    }
+    return Version.V1;
   }
 
   public String getHashedAuthenticationToken() {
@@ -35,11 +59,14 @@ public class AuthenticationCredentials {
   }
 
   public boolean verify(String authenticationToken) {
-    String theirValue = getHashedValue(salt, authenticationToken);
+    final String theirValue = switch (getVersion()) {
+      case V1 -> getV1HashedValue(salt, authenticationToken);
+      case V2 -> getV2HashedValue(salt, authenticationToken);
+    };
     return MessageDigest.isEqual(theirValue.getBytes(StandardCharsets.UTF_8), this.hashedAuthenticationToken.getBytes(StandardCharsets.UTF_8));
   }
 
-  private static String getHashedValue(String salt, String token) {
+  private static String getV1HashedValue(String salt, String token) {
     try {
       return new String(Hex.encodeHex(MessageDigest.getInstance("SHA1").digest((salt + token).getBytes(StandardCharsets.UTF_8))));
     } catch (NoSuchAlgorithmException e) {
@@ -47,4 +74,13 @@ public class AuthenticationCredentials {
     }
   }
 
+  private static final byte[] AUTH_TOKEN_HKDF_INFO = "authtoken".getBytes(StandardCharsets.UTF_8);
+  private static String getV2HashedValue(String salt, String token) {
+    byte[] secret = HKDF.deriveSecrets(
+        token.getBytes(StandardCharsets.UTF_8),  // key
+        salt.getBytes(StandardCharsets.UTF_8),  // salt
+        AUTH_TOKEN_HKDF_INFO,
+        32);
+    return V2_PREFIX + Hex.encodeHexString(secret);
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/BaseAccountAuthenticator.java

@@ -27,13 +27,21 @@ import org.whispersystems.textsecuregcm.util.Util;
 public class BaseAccountAuthenticator {
 
   private static final String AUTHENTICATION_COUNTER_NAME = name(BaseAccountAuthenticator.class, "authentication");
+  private static final String ENABLED_NOT_REQUIRED_AUTHENTICATION_COUNTER_NAME = name(BaseAccountAuthenticator.class,
+      "enabledNotRequiredAuthentication");
   private static final String AUTHENTICATION_SUCCEEDED_TAG_NAME = "succeeded";
   private static final String AUTHENTICATION_FAILURE_REASON_TAG_NAME = "reason";
-  private static final String AUTHENTICATION_ENABLED_REQUIRED_TAG_NAME = "enabledRequired";
+  private static final String ENABLED_TAG_NAME = "enabled";
+  private static final String AUTHENTICATION_HAS_STORY_CAPABILITY = "hasStoryCapability";
+
+  private static final String STORY_ADOPTION_COUNTER_NAME = name(BaseAccountAuthenticator.class, "storyAdoption");
 
   private static final String DAYS_SINCE_LAST_SEEN_DISTRIBUTION_NAME = name(BaseAccountAuthenticator.class, "daysSinceLastSeen");
   private static final String IS_PRIMARY_DEVICE_TAG = "isPrimary";
 
+  @VisibleForTesting
+  static final char DEVICE_ID_SEPARATOR = '.';
+
   private final AccountsManager accountsManager;
   private final Clock           clock;
 
@@ -43,15 +51,15 @@ public class BaseAccountAuthenticator {
 
   @VisibleForTesting
   public BaseAccountAuthenticator(AccountsManager accountsManager, Clock clock) {
-    this.accountsManager = accountsManager;
-    this.clock           = clock;
+    this.accountsManager   = accountsManager;
+    this.clock             = clock;
   }
 
   static Pair<String, Long> getIdentifierAndDeviceId(final String basicUsername) {
     final String identifier;
     final long deviceId;
 
-    final int deviceIdSeparatorIndex = basicUsername.indexOf('.');
+    final int deviceIdSeparatorIndex = basicUsername.indexOf(DEVICE_ID_SEPARATOR);
 
     if (deviceIdSeparatorIndex == -1) {
       identifier = basicUsername;
@@ -67,6 +75,7 @@ public class BaseAccountAuthenticator {
   public Optional<AuthenticatedAccount> authenticate(BasicCredentials basicCredentials, boolean enabledRequired) {
     boolean succeeded = false;
     String failureReason = null;
+    boolean hasStoryCapability = false;
 
     try {
       final UUID accountUuid;
@@ -85,6 +94,8 @@ public class BaseAccountAuthenticator {
         return Optional.empty();
       }
 
+      hasStoryCapability = account.map(Account::isStoriesSupported).orElse(false);
+
       Optional<Device> device = account.get().getDevice(deviceId);
 
       if (device.isEmpty()) {
@@ -93,20 +104,35 @@ public class BaseAccountAuthenticator {
       }
 
       if (enabledRequired) {
-        if (!device.get().isEnabled()) {
+        final boolean deviceDisabled = !device.get().isEnabled();
+        if (deviceDisabled) {
           failureReason = "deviceDisabled";
-          return Optional.empty();
         }
 
-        if (!account.get().isEnabled()) {
+        final boolean accountDisabled = !account.get().isEnabled();
+        if (accountDisabled) {
           failureReason = "accountDisabled";
+        }
+        if (accountDisabled || deviceDisabled) {
           return Optional.empty();
         }
+      } else {
+        Metrics.counter(ENABLED_NOT_REQUIRED_AUTHENTICATION_COUNTER_NAME,
+                ENABLED_TAG_NAME, String.valueOf(device.get().isEnabled() && account.get().isEnabled()),
+                IS_PRIMARY_DEVICE_TAG, String.valueOf(device.get().isMaster()))
+            .increment();
       }
 
-      if (device.get().getAuthenticationCredentials().verify(basicCredentials.getPassword())) {
+      AuthenticationCredentials deviceAuthenticationCredentials = device.get().getAuthenticationCredentials();
+      if (deviceAuthenticationCredentials.verify(basicCredentials.getPassword())) {
         succeeded = true;
-        final Account authenticatedAccount = updateLastSeen(account.get(), device.get());
+        Account authenticatedAccount = updateLastSeen(account.get(), device.get());
+        if (deviceAuthenticationCredentials.getVersion() != AuthenticationCredentials.CURRENT_VERSION) {
+          authenticatedAccount = accountsManager.updateDeviceAuthentication(
+              authenticatedAccount,
+              device.get(),
+              new AuthenticationCredentials(basicCredentials.getPassword()));  // new credentials have current version
+        }
         return Optional.of(new AuthenticatedAccount(
             new RefreshingAccountAndDeviceSupplier(authenticatedAccount, device.get().getId(), accountsManager)));
       }
@@ -117,22 +143,33 @@ public class BaseAccountAuthenticator {
       return Optional.empty();
     } finally {
       Tags tags = Tags.of(
-          AUTHENTICATION_SUCCEEDED_TAG_NAME, String.valueOf(succeeded),
-          AUTHENTICATION_ENABLED_REQUIRED_TAG_NAME, String.valueOf(enabledRequired));
+          AUTHENTICATION_SUCCEEDED_TAG_NAME, String.valueOf(succeeded));
 
       if (StringUtils.isNotBlank(failureReason)) {
         tags = tags.and(AUTHENTICATION_FAILURE_REASON_TAG_NAME, failureReason);
       }
 
       Metrics.counter(AUTHENTICATION_COUNTER_NAME, tags).increment();
+
+      Tags storyTags = Tags.of(AUTHENTICATION_HAS_STORY_CAPABILITY, String.valueOf(hasStoryCapability));
+      Metrics.counter(STORY_ADOPTION_COUNTER_NAME, storyTags).increment();
     }
   }
 
   @VisibleForTesting
   public Account updateLastSeen(Account account, Device device) {
-    final long lastSeenOffsetSeconds   = Math.abs(account.getUuid().getLeastSignificantBits()) % ChronoUnit.DAYS.getDuration().toSeconds();
+    // compute a non-negative integer between 0 and 86400.
+    long n = Util.ensureNonNegativeLong(account.getUuid().getLeastSignificantBits());
+    final long lastSeenOffsetSeconds = n % ChronoUnit.DAYS.getDuration().toSeconds();
+
+    // produce a truncated timestamp which is either today at UTC midnight
+    // or yesterday at UTC midnight, based on per-user randomized offset used.
     final long todayInMillisWithOffset = Util.todayInMillisGivenOffsetFromNow(clock, Duration.ofSeconds(lastSeenOffsetSeconds).negated());
 
+    // only update the device's last seen time when it falls behind the truncated timestamp.
+    // this ensure a few things:
+    //   (1) each account will only update last-seen at most once per day
+    //   (2) these updates will occur throughout the day rather than all occurring at UTC midnight.
     if (device.getLastSeen() < todayInMillisWithOffset) {
       Metrics.summary(DAYS_SINCE_LAST_SEEN_DISTRIBUTION_NAME, IS_PRIMARY_DEVICE_TAG, String.valueOf(device.isMaster()))
           .record(Duration.ofMillis(todayInMillisWithOffset - device.getLastSeen()).toDays());
@@ -142,5 +179,4 @@ public class BaseAccountAuthenticator {
 
     return account;
   }
-
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/BasicAuthorizationHeader.java

@@ -5,9 +5,7 @@
 package org.whispersystems.textsecuregcm.auth;
 
 import java.util.Base64;
-import java.util.UUID;
 import org.apache.commons.lang3.StringUtils;
-import org.whispersystems.textsecuregcm.storage.Device;
 import org.whispersystems.textsecuregcm.util.Pair;
 
 public class BasicAuthorizationHeader {

service/src/main/java/org/whispersystems/textsecuregcm/auth/CertificateGenerator.java

@@ -7,18 +7,16 @@ package org.whispersystems.textsecuregcm.auth;
 
 import com.google.protobuf.ByteString;
 import com.google.protobuf.InvalidProtocolBufferException;
-import org.whispersystems.textsecuregcm.crypto.Curve;
-import org.whispersystems.textsecuregcm.crypto.ECPrivateKey;
+import java.security.InvalidKeyException;
+import java.util.Base64;
+import java.util.concurrent.TimeUnit;
+import org.signal.libsignal.protocol.ecc.Curve;
+import org.signal.libsignal.protocol.ecc.ECPrivateKey;
 import org.whispersystems.textsecuregcm.entities.MessageProtos.SenderCertificate;
 import org.whispersystems.textsecuregcm.entities.MessageProtos.ServerCertificate;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.Device;
 
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.util.Base64;
-import java.util.concurrent.TimeUnit;
-
 public class CertificateGenerator {
 
   private final ECPrivateKey      privateKey;
@@ -46,7 +44,12 @@ public class CertificateGenerator {
     }
 
     byte[] certificate = builder.build().toByteArray();
-    byte[] signature   = Curve.calculateSignature(privateKey, certificate);
+    byte[] signature;
+    try {
+      signature = Curve.calculateSignature(privateKey, certificate);
+    } catch (org.signal.libsignal.protocol.InvalidKeyException e) {
+      throw new InvalidKeyException(e);
+    }
 
     return SenderCertificate.newBuilder()
                             .setCertificate(ByteString.copyFrom(certificate))

service/src/main/java/org/whispersystems/textsecuregcm/auth/DisabledPermittedAccountAuthenticator.java

@@ -8,6 +8,7 @@ package org.whispersystems.textsecuregcm.auth;
 import io.dropwizard.auth.Authenticator;
 import io.dropwizard.auth.basic.BasicCredentials;
 import java.util.Optional;
+import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.storage.AccountsManager;
 
 public class DisabledPermittedAccountAuthenticator extends BaseAccountAuthenticator implements

service/src/main/java/org/whispersystems/textsecuregcm/auth/ExternalServiceCredentialGenerator.java

@@ -9,9 +9,9 @@ import com.google.common.annotations.VisibleForTesting;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.time.Clock;
+import java.util.HexFormat;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
-import org.apache.commons.codec.binary.Hex;
 import org.whispersystems.textsecuregcm.util.Util;
 
 public class ExternalServiceCredentialGenerator {
@@ -20,33 +20,50 @@ public class ExternalServiceCredentialGenerator {
   private final byte[] userIdKey;
   private final boolean usernameDerivation;
   private final boolean prependUsername;
+  private final boolean truncateKey;
   private final Clock clock;
 
   public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey) {
-    this(key, userIdKey, true, true);
+    this(key, userIdKey, true, true, true);
   }
 
   public ExternalServiceCredentialGenerator(byte[] key, boolean prependUsername) {
-    this(key, new byte[0], false, prependUsername);
+    this(key, prependUsername, true);
+  }
+
+  public ExternalServiceCredentialGenerator(byte[] key, boolean prependUsername, boolean truncateKey) {
+    this(key, new byte[0], false, prependUsername, truncateKey);
   }
 
   @VisibleForTesting
   public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation) {
-    this(key, userIdKey, usernameDerivation, true);
+    this(key, userIdKey, usernameDerivation, true, true);
   }
 
-  private ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
       boolean prependUsername) {
-    this(key, userIdKey, usernameDerivation, prependUsername, Clock.systemUTC());
+    this(key, userIdKey, usernameDerivation, prependUsername, true, Clock.systemUTC());
+  }
+
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
+      boolean prependUsername, boolean truncateKey) {
+    this(key, userIdKey, usernameDerivation, prependUsername, truncateKey, Clock.systemUTC());
   }
 
   @VisibleForTesting
   public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
       boolean prependUsername, Clock clock) {
+    this(key, userIdKey, usernameDerivation, prependUsername, true, clock);
+  }
+
+  @VisibleForTesting
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
+      boolean prependUsername, boolean truncateKey, Clock clock) {
     this.key = key;
     this.userIdKey = userIdKey;
     this.usernameDerivation = usernameDerivation;
     this.prependUsername = prependUsername;
+    this.truncateKey = truncateKey;
     this.clock = clock;
   }
 
@@ -55,14 +72,17 @@ public class ExternalServiceCredentialGenerator {
     String username = getUserId(identity, mac, usernameDerivation);
     long currentTimeSeconds = clock.millis() / 1000;
     String prefix = username + ":" + currentTimeSeconds;
-    String output = Hex.encodeHexString(Util.truncate(getHmac(key, prefix.getBytes(), mac), 10));
+    byte[] prefixMac = getHmac(key, prefix.getBytes(), mac);
+    final HexFormat hex = HexFormat.of();
+    String output = hex.formatHex(truncateKey ? Util.truncate(prefixMac, 10) : prefixMac);
     String token = (prependUsername ? prefix : currentTimeSeconds) + ":" + output;
 
     return new ExternalServiceCredentials(username, token);
   }
 
   private String getUserId(String number, Mac mac, boolean usernameDerivation) {
-    if (usernameDerivation) return Hex.encodeHexString(Util.truncate(getHmac(userIdKey, number.getBytes(), mac), 10));
+    final HexFormat hex = HexFormat.of();
+    if (usernameDerivation) return hex.formatHex(Util.truncate(getHmac(userIdKey, number.getBytes(), mac), 10));
     else                    return number;
   }
 

service/src/main/java/org/whispersystems/textsecuregcm/auth/ExternalServiceCredentials.java

@@ -6,28 +6,6 @@
 package org.whispersystems.textsecuregcm.auth;
 
 
-import com.fasterxml.jackson.annotation.JsonProperty;
+public record ExternalServiceCredentials(String username, String password) {
 
-public class ExternalServiceCredentials {
-
-  @JsonProperty
-  private String username;
-
-  @JsonProperty
-  private String password;
-
-  public ExternalServiceCredentials(String username, String password) {
-    this.username = username;
-    this.password = password;
-  }
-
-  public ExternalServiceCredentials() {}
-
-  public String getUsername() {
-    return username;
-  }
-
-  public String getPassword() {
-    return password;
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/OptionalAccess.java

@@ -8,6 +8,8 @@ package org.whispersystems.textsecuregcm.auth;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.Device;
 
+import javax.ws.rs.NotAuthorizedException;
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
 import java.security.MessageDigest;
@@ -36,9 +38,9 @@ public class OptionalAccess {
         }
 
         if (requestAccount.isPresent()) {
-          throw new WebApplicationException(Response.Status.NOT_FOUND);
+          throw new NotFoundException();
         } else {
-          throw new WebApplicationException(Response.Status.UNAUTHORIZED);
+          throw new NotAuthorizedException(Response.Status.UNAUTHORIZED);
         }
       }
     } catch (NumberFormatException e) {
@@ -56,7 +58,7 @@ public class OptionalAccess {
 
     //noinspection ConstantConditions
     if (requestAccount.isPresent() && (targetAccount.isEmpty() || (targetAccount.isPresent() && !targetAccount.get().isEnabled()))) {
-      throw new WebApplicationException(Response.Status.NOT_FOUND);
+      throw new NotFoundException();
     }
 
     if (accessKey.isPresent() && targetAccount.isPresent() && targetAccount.get().isEnabled() && targetAccount.get().isUnrestrictedUnidentifiedAccess()) {
@@ -72,7 +74,7 @@ public class OptionalAccess {
       return;
     }
 
-    throw new WebApplicationException(Response.Status.UNAUTHORIZED);
+    throw new NotAuthorizedException(Response.Status.UNAUTHORIZED);
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/PhoneNumberChangeRefreshRequirementProvider.java

@@ -10,7 +10,6 @@ import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.stream.Collectors;
-import org.glassfish.jersey.server.ContainerRequest;
 import org.glassfish.jersey.server.monitoring.RequestEvent;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.util.Pair;

service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredRegistrationLock.java

@@ -21,6 +21,20 @@ public class StoredRegistrationLock {
 
   private final long             lastSeen;
 
+  /**
+   * @return milliseconds since the last time the account was seen.
+   */
+  private long timeSinceLastSeen() {
+    return System.currentTimeMillis() - lastSeen;
+  }
+
+  /**
+   * @return true if the registration lock and salt are both set.
+   */
+  private boolean hasLockAndSalt() {
+    return registrationLock.isPresent() && registrationLockSalt.isPresent();
+  }
+
   public StoredRegistrationLock(Optional<String> registrationLock, Optional<String> registrationLockSalt, long lastSeen) {
     this.registrationLock     = registrationLock;
     this.registrationLockSalt = registrationLockSalt;
@@ -28,24 +42,22 @@ public class StoredRegistrationLock {
   }
 
   public boolean requiresClientRegistrationLock() {
-    return registrationLock.isPresent() && registrationLockSalt.isPresent() && System.currentTimeMillis() - lastSeen < TimeUnit.DAYS.toMillis(7);
+    boolean hasTimeRemaining = getTimeRemaining() >= 0;
+    return hasLockAndSalt() && hasTimeRemaining;
   }
 
   public boolean needsFailureCredentials() {
-    return registrationLock.isPresent() && registrationLockSalt.isPresent();
+    return hasLockAndSalt();
   }
 
   public long getTimeRemaining() {
-    return TimeUnit.DAYS.toMillis(7) - (System.currentTimeMillis() - lastSeen);
+    return TimeUnit.DAYS.toMillis(7) - timeSinceLastSeen();
   }
 
   public boolean verify(@Nullable String clientRegistrationLock) {
-    if (Util.isEmpty(clientRegistrationLock)) {
-      return false;
-    }
-
-    if (registrationLock.isPresent() && registrationLockSalt.isPresent() && !Util.isEmpty(clientRegistrationLock)) {
-      return new AuthenticationCredentials(registrationLock.get(), registrationLockSalt.get()).verify(clientRegistrationLock);
+    if (hasLockAndSalt() && Util.nonEmpty(clientRegistrationLock)) {
+      AuthenticationCredentials credentials = new AuthenticationCredentials(registrationLock.get(), registrationLockSalt.get());
+      return credentials.verify(clientRegistrationLock);
     } else {
       return false;
     }

service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCode.java

@@ -5,60 +5,18 @@
 
 package org.whispersystems.textsecuregcm.auth;
 
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import java.security.MessageDigest;
 import java.time.Duration;
-import java.util.Optional;
 import javax.annotation.Nullable;
 import org.whispersystems.textsecuregcm.util.Util;
 
-public class StoredVerificationCode {
-
-  @JsonProperty
-  private final String code;
-
-  @JsonProperty
-  private final long timestamp;
-
-  @JsonProperty
-  private final String pushCode;
-
-  @JsonProperty
-  @Nullable
-  private final String twilioVerificationSid;
+public record StoredVerificationCode(String code,
+                                     long timestamp,
+                                     String pushCode,
+                                     @Nullable byte[] sessionId) {
 
   public static final Duration EXPIRATION = Duration.ofMinutes(10);
 
-  @JsonCreator
-  public StoredVerificationCode(
-      @JsonProperty("code") final String code,
-      @JsonProperty("timestamp") final long timestamp,
-      @JsonProperty("pushCode") final String pushCode,
-      @JsonProperty("twilioVerificationSid") @Nullable final String twilioVerificationSid) {
-
-    this.code = code;
-    this.timestamp = timestamp;
-    this.pushCode = pushCode;
-    this.twilioVerificationSid = twilioVerificationSid;
-  }
-
-  public String getCode() {
-    return code;
-  }
-
-  public long getTimestamp() {
-    return timestamp;
-  }
-
-  public String getPushCode() {
-    return pushCode;
-  }
-
-  public Optional<String> getTwilioVerificationSid() {
-    return Optional.ofNullable(twilioVerificationSid);
-  }
-
   public boolean isValid(String theirCodeString) {
     if (Util.isEmpty(code) || Util.isEmpty(theirCodeString)) {
       return false;

service/src/main/java/org/whispersystems/textsecuregcm/auth/TurnToken.java

@@ -6,6 +6,7 @@
 package org.whispersystems.textsecuregcm.auth;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import com.google.common.annotations.VisibleForTesting;
 
 import java.util.List;
 
@@ -25,4 +26,9 @@ public class TurnToken {
     this.password = password;
     this.urls     = urls;
   }
+
+  @VisibleForTesting
+  List<String> getUrls() {
+    return urls;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/TurnTokenGenerator.java

@@ -5,7 +5,13 @@
 
 package org.whispersystems.textsecuregcm.auth;
 
-import org.whispersystems.textsecuregcm.configuration.TurnConfiguration;
+import org.whispersystems.textsecuregcm.configuration.TurnUriConfiguration;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicTurnConfiguration;
+import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
+import org.whispersystems.textsecuregcm.util.Pair;
+import org.whispersystems.textsecuregcm.util.Util;
+import org.whispersystems.textsecuregcm.util.WeightedRandomSelect;
 
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
@@ -14,23 +20,24 @@ import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Base64;
 import java.util.List;
+import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 
 public class TurnTokenGenerator {
 
-  private final byte[]       key;
-  private final List<String> urls;
+  private final DynamicConfigurationManager<DynamicConfiguration> dynamicConfiguration;
 
-  public TurnTokenGenerator(TurnConfiguration configuration) {
-    this.key  = configuration.getSecret().getBytes();
-    this.urls = configuration.getUris();
+  public TurnTokenGenerator(final DynamicConfigurationManager<DynamicConfiguration> config) {
+    this.dynamicConfiguration = config;
   }
 
-  public TurnToken generate() {
+  public TurnToken generate(final String e164) {
     try {
+      byte[] key                = dynamicConfiguration.getConfiguration().getTurnConfiguration().getSecret().getBytes();
+      List<String> urls         = urls(e164);
       Mac    mac                = Mac.getInstance("HmacSHA1");
       long   validUntilSeconds  = (System.currentTimeMillis() + TimeUnit.DAYS.toMillis(1)) / 1000;
-      long   user               = Math.abs(new SecureRandom().nextInt());
+      long   user               = Util.ensureNonNegativeInt(new SecureRandom().nextInt());
       String userTime           = validUntilSeconds + ":"  + user;
 
       mac.init(new SecretKeySpec(key, "HmacSHA1"));
@@ -41,4 +48,22 @@ public class TurnTokenGenerator {
       throw new AssertionError(e);
     }
   }
+
+  private List<String> urls(final String e164) {
+    final DynamicTurnConfiguration turnConfig = dynamicConfiguration.getConfiguration().getTurnConfiguration();
+
+    // Check if number is enrolled to test out specific turn servers
+    final Optional<TurnUriConfiguration> enrolled = turnConfig.getUriConfigs().stream()
+        .filter(config -> config.getEnrolledNumbers().contains(e164))
+        .findFirst();
+    if (enrolled.isPresent()) {
+      return enrolled.get().getUris();
+    }
+
+    // Otherwise, select from turn server sets by weighted choice
+    return WeightedRandomSelect.select(turnConfig
+        .getUriConfigs()
+        .stream()
+        .map(c -> new Pair<List<String>, Long>(c.getUris(), c.getWeight())).toList());
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/WebsocketRefreshRequirementProvider.java

@@ -7,7 +7,6 @@ package org.whispersystems.textsecuregcm.auth;
 
 import java.util.List;
 import java.util.UUID;
-import org.glassfish.jersey.server.ContainerRequest;
 import org.glassfish.jersey.server.monitoring.RequestEvent;
 import org.whispersystems.textsecuregcm.util.Pair;
 

service/src/main/java/org/whispersystems/textsecuregcm/captcha/AssessmentResult.java

@@ -0,0 +1,27 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+/**
+ * A captcha assessment
+ *
+ * @param valid whether the captcha was passed
+ * @param score string representation of the risk level
+ */
+public record AssessmentResult(boolean valid, String score) {
+
+  public static AssessmentResult invalid() {
+    return new AssessmentResult(false, "");
+  }
+
+  /**
+   * Map a captcha score in [0.0, 1.0] to a low cardinality discrete space in [0, 100] suitable for use in metrics
+   */
+  static String scoreString(final float score) {
+    final int x = Math.round(score * 10); // [0, 10]
+    return Integer.toString(x * 10); // [0, 100] in increments of 10
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/captcha/CaptchaChecker.java

@@ -0,0 +1,76 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+import com.google.common.annotations.VisibleForTesting;
+import io.micrometer.core.instrument.Metrics;
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import javax.ws.rs.BadRequestException;
+
+import static org.whispersystems.textsecuregcm.metrics.MetricsUtil.name;
+
+public class CaptchaChecker {
+  private static final String ASSESSMENTS_COUNTER_NAME = name(RecaptchaClient.class, "assessments");
+
+  @VisibleForTesting
+  static final String SEPARATOR = ".";
+
+  private final Map<String, CaptchaClient> captchaClientMap;
+
+  public CaptchaChecker(final List<CaptchaClient> captchaClients) {
+    this.captchaClientMap = captchaClients.stream()
+        .collect(Collectors.toMap(CaptchaClient::scheme, Function.identity()));
+  }
+
+  /**
+   * Check if a solved captcha should be accepted
+   * <p>
+   *
+   * @param input expected to contain a prefix indicating the captcha scheme, sitekey, token, and action. The expected
+   *              format is {@code version-prefix.sitekey.[action.]token}
+   * @param ip    IP of the solver
+   * @return An {@link AssessmentResult} indicating whether the solution should be accepted, and a score that can be
+   * used for metrics
+   * @throws IOException         if there is an error validating the captcha with the underlying service
+   * @throws BadRequestException if input is not in the expected format
+   */
+  public AssessmentResult verify(final String input, final String ip) throws IOException {
+    /*
+     * For action to be optional, there is a strong assumption that the token will never contain a {@value  SEPARATOR}.
+     * Observation suggests {@code token} is base-64 encoded. In practice, an action should always be present, but we
+     * don’t need to be strict.
+     */
+    final String[] parts = input.split("\\" + SEPARATOR, 4);
+
+    // we allow missing actions, if we're missing 1 part, assume it's the action
+    if (parts.length < 3) {
+      throw new BadRequestException("too few parts");
+    }
+
+    int idx = 0;
+    final String prefix = parts[idx++];
+    final String siteKey = parts[idx++];
+    final String action = parts.length == 3 ? null : parts[idx++];
+    final String token = parts[idx];
+
+    final CaptchaClient client = this.captchaClientMap.get(prefix);
+    if (client == null) {
+      throw new BadRequestException("invalid captcha scheme");
+    }
+    final AssessmentResult result = client.verify(siteKey, action, token, ip);
+    Metrics.counter(ASSESSMENTS_COUNTER_NAME,
+            "action", String.valueOf(action),
+            "valid", String.valueOf(result.valid()),
+            "score", result.score(),
+            "provider", prefix)
+        .increment();
+    return result;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/captcha/CaptchaClient.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+import javax.annotation.Nullable;
+import java.io.IOException;
+
+public interface CaptchaClient {
+
+  /**
+   * @return the identifying captcha scheme that this CaptchaClient handles
+   */
+  String scheme();
+
+  /**
+   * Verify a provided captcha solution
+   *
+   * @param siteKey identifying string for the captcha service
+   * @param action  an optional action indicating the purpose of the captcha
+   * @param token   the captcha solution that will be verified
+   * @param ip      the ip of the captcha solve
+   * @return An {@link AssessmentResult} indicating whether the solution should be accepted
+   * @throws IOException if the underlying captcha provider returns an error
+   */
+  AssessmentResult verify(
+      final String siteKey,
+      final @Nullable String action,
+      final String token,
+      final String ip) throws IOException;
+}

service/src/main/java/org/whispersystems/textsecuregcm/captcha/HCaptchaClient.java

@@ -0,0 +1,114 @@
+/*
+ * Copyright 2021-2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+import static org.whispersystems.textsecuregcm.metrics.MetricsUtil.name;
+
+import io.micrometer.core.instrument.Metrics;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URLEncoder;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.nio.charset.StandardCharsets;
+import javax.annotation.Nullable;
+import javax.ws.rs.core.Response;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicCaptchaConfiguration;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
+import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
+import org.whispersystems.textsecuregcm.util.SystemMapper;
+
+public class HCaptchaClient implements CaptchaClient {
+
+  private static final Logger logger = LoggerFactory.getLogger(HCaptchaClient.class);
+  private static final String PREFIX = "signal-hcaptcha";
+  private static final String ASSESSMENT_REASON_COUNTER_NAME = name(HCaptchaClient.class, "assessmentReason");
+  private static final String INVALID_REASON_COUNTER_NAME = name(HCaptchaClient.class, "invalidReason");
+  private final String apiKey;
+  private final HttpClient client;
+  private final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager;
+
+  public HCaptchaClient(
+      final String apiKey,
+      final HttpClient client,
+      final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager) {
+    this.apiKey = apiKey;
+    this.client = client;
+    this.dynamicConfigurationManager = dynamicConfigurationManager;
+  }
+
+  @Override
+  public String scheme() {
+    return PREFIX;
+  }
+
+  @Override
+  public AssessmentResult verify(final String siteKey, final @Nullable String action, final String token,
+      final String ip)
+      throws IOException {
+
+    final DynamicCaptchaConfiguration config = dynamicConfigurationManager.getConfiguration().getCaptchaConfiguration();
+    if (!config.isAllowHCaptcha()) {
+      logger.warn("Received request to verify an hCaptcha, but hCaptcha is not enabled");
+      return AssessmentResult.invalid();
+    }
+
+    final String body = String.format("response=%s&secret=%s&remoteip=%s",
+        URLEncoder.encode(token, StandardCharsets.UTF_8),
+        URLEncoder.encode(this.apiKey, StandardCharsets.UTF_8),
+        ip);
+    HttpRequest request = HttpRequest.newBuilder()
+        .uri(URI.create("https://hcaptcha.com/siteverify"))
+        .header("Content-Type", "application/x-www-form-urlencoded")
+        .POST(HttpRequest.BodyPublishers.ofString(body))
+        .build();
+
+    HttpResponse<String> response;
+    try {
+      response = this.client.send(request, HttpResponse.BodyHandlers.ofString());
+    } catch (InterruptedException e) {
+      throw new IOException(e);
+    }
+
+    if (response.statusCode() != Response.Status.OK.getStatusCode()) {
+      logger.warn("failure submitting token to hCaptcha (code={}): {}", response.statusCode(), response);
+      throw new IOException("hCaptcha http failure : " + response.statusCode());
+    }
+
+    final HCaptchaResponse hCaptchaResponse = SystemMapper.getMapper()
+        .readValue(response.body(), HCaptchaResponse.class);
+
+    logger.debug("received hCaptcha response: {}", hCaptchaResponse);
+
+    if (!hCaptchaResponse.success) {
+      for (String errorCode : hCaptchaResponse.errorCodes) {
+        Metrics.counter(INVALID_REASON_COUNTER_NAME,
+            "action", String.valueOf(action),
+            "reason", errorCode).increment();
+      }
+      return AssessmentResult.invalid();
+    }
+
+    // hcaptcha uses the inverse scheme of recaptcha (for hcaptcha, a low score is less risky)
+    float score = 1.0f - hCaptchaResponse.score;
+    if (score < 0.0f || score > 1.0f) {
+      logger.error("Invalid score {} from hcaptcha response {}", hCaptchaResponse.score, hCaptchaResponse);
+      return AssessmentResult.invalid();
+    }
+    final String scoreString = AssessmentResult.scoreString(score);
+
+    for (String reason : hCaptchaResponse.scoreReasons) {
+      Metrics.counter(ASSESSMENT_REASON_COUNTER_NAME,
+          "action", String.valueOf(action),
+          "reason", reason,
+          "score", scoreString).increment();
+    }
+    return new AssessmentResult(score >= config.getScoreFloor().floatValue(), scoreString);
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/captcha/HCaptchaResponse.java

@@ -0,0 +1,57 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.time.Duration;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * Verify response returned by hcaptcha
+ * <p>
+ * see <a href="https://docs.hcaptcha.com/#verify-the-user-response-server-side">...</a>
+ */
+public class HCaptchaResponse {
+
+  @JsonProperty
+  boolean success;
+
+  @JsonProperty(value = "challenge-ts")
+  Duration challengeTs;
+
+  @JsonProperty
+  String hostname;
+
+  @JsonProperty
+  boolean credit;
+
+  @JsonProperty(value = "error-codes")
+  List<String> errorCodes = Collections.emptyList();
+
+  @JsonProperty
+  float score;
+
+  @JsonProperty(value = "score-reasons")
+  List<String> scoreReasons = Collections.emptyList();
+
+  public HCaptchaResponse() {
+  }
+
+  @Override
+  public String toString() {
+    return "HCaptchaResponse{" +
+        "success=" + success +
+        ", challengeTs=" + challengeTs +
+        ", hostname='" + hostname + '\'' +
+        ", credit=" + credit +
+        ", errorCodes=" + errorCodes +
+        ", score=" + score +
+        ", scoreReasons=" + scoreReasons +
+        '}';
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/captcha/RecaptchaClient.java

@@ -0,0 +1,113 @@
+/*
+ * Copyright 2021-2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+import static org.whispersystems.textsecuregcm.metrics.MetricsUtil.name;
+
+import com.google.api.gax.core.FixedCredentialsProvider;
+import com.google.api.gax.rpc.ApiException;
+import com.google.auth.oauth2.GoogleCredentials;
+import com.google.cloud.recaptchaenterprise.v1.RecaptchaEnterpriseServiceClient;
+import com.google.cloud.recaptchaenterprise.v1.RecaptchaEnterpriseServiceSettings;
+import com.google.recaptchaenterprise.v1.Assessment;
+import com.google.recaptchaenterprise.v1.Event;
+import com.google.recaptchaenterprise.v1.RiskAnalysis;
+import io.micrometer.core.instrument.Metrics;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Objects;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicCaptchaConfiguration;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
+import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
+
+public class RecaptchaClient implements CaptchaClient {
+
+  private static final Logger log = LoggerFactory.getLogger(RecaptchaClient.class);
+
+  private static final String V2_PREFIX = "signal-recaptcha-v2";
+  private static final String INVALID_REASON_COUNTER_NAME = name(RecaptchaClient.class, "invalidReason");
+  private static final String ASSESSMENT_REASON_COUNTER_NAME = name(RecaptchaClient.class, "assessmentReason");
+
+  private final String projectPath;
+  private final RecaptchaEnterpriseServiceClient client;
+  private final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager;
+
+  public RecaptchaClient(
+      @Nonnull final String projectPath,
+      @Nonnull final String recaptchaCredentialConfigurationJson,
+      final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager) {
+    try {
+      this.projectPath = Objects.requireNonNull(projectPath);
+      this.client = RecaptchaEnterpriseServiceClient.create(RecaptchaEnterpriseServiceSettings.newBuilder()
+          .setCredentialsProvider(FixedCredentialsProvider.create(GoogleCredentials.fromStream(
+              new ByteArrayInputStream(recaptchaCredentialConfigurationJson.getBytes(StandardCharsets.UTF_8)))))
+          .build());
+
+      this.dynamicConfigurationManager = dynamicConfigurationManager;
+    } catch (IOException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  @Override
+  public String scheme() {
+    return V2_PREFIX;
+  }
+
+  @Override
+  public org.whispersystems.textsecuregcm.captcha.AssessmentResult verify(final String sitekey,
+      final @Nullable String expectedAction,
+      final String token, final String ip) throws IOException {
+    final DynamicCaptchaConfiguration config = dynamicConfigurationManager.getConfiguration().getCaptchaConfiguration();
+    if (!config.isAllowRecaptcha()) {
+      log.warn("Received request to verify a recaptcha, but recaptcha is not enabled");
+      return AssessmentResult.invalid();
+    }
+
+    Event.Builder eventBuilder = Event.newBuilder()
+        .setSiteKey(sitekey)
+        .setToken(token)
+        .setUserIpAddress(ip);
+
+    if (expectedAction != null) {
+      eventBuilder.setExpectedAction(expectedAction);
+    }
+
+    final Event event = eventBuilder.build();
+    final Assessment assessment;
+    try {
+      assessment = client.createAssessment(projectPath, Assessment.newBuilder().setEvent(event).build());
+    } catch (ApiException e) {
+      throw new IOException(e);
+    }
+
+    if (assessment.getTokenProperties().getValid()) {
+      final float score = assessment.getRiskAnalysis().getScore();
+      log.debug("assessment for {} was valid, score: {}", expectedAction, score);
+      for (RiskAnalysis.ClassificationReason reason : assessment.getRiskAnalysis().getReasonsList()) {
+        Metrics.counter(ASSESSMENT_REASON_COUNTER_NAME,
+                "action", String.valueOf(expectedAction),
+                "score", AssessmentResult.scoreString(score),
+                "reason", reason.name())
+            .increment();
+      }
+      return new AssessmentResult(
+          score >= config.getScoreFloor().floatValue(),
+          AssessmentResult.scoreString(score));
+    } else {
+      Metrics.counter(INVALID_REASON_COUNTER_NAME,
+              "action", String.valueOf(expectedAction),
+              "reason", assessment.getTokenProperties().getInvalidReason().name())
+          .increment();
+      return AssessmentResult.invalid();
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/AdminEventLoggingConfiguration.java

@@ -0,0 +1,14 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import javax.validation.constraints.NotEmpty;
+
+public record AdminEventLoggingConfiguration(
+    @NotEmpty String credentials,
+    @NotEmpty String projectId,
+    @NotEmpty String logName) {
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/ArtServiceConfiguration.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Hex;
+
+import java.time.Duration;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+public class ArtServiceConfiguration {
+
+  @NotEmpty
+  @JsonProperty
+  private String userAuthenticationTokenSharedSecret;
+
+  @NotEmpty
+  @JsonProperty
+  private String userAuthenticationTokenUserIdSecret;
+
+  @JsonProperty
+  @NotNull
+  private Duration tokenExpiration = Duration.ofDays(1);
+
+  public byte[] getUserAuthenticationTokenSharedSecret() throws DecoderException {
+    return Hex.decodeHex(userAuthenticationTokenSharedSecret.toCharArray());
+  }
+
+  public byte[] getUserAuthenticationTokenUserIdSecret() throws DecoderException {
+    return Hex.decodeHex(userAuthenticationTokenUserIdSecret.toCharArray());
+  }
+
+  public Duration getTokenExpiration() {
+    return tokenExpiration;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/BoostConfiguration.java

@@ -1,58 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import java.math.BigDecimal;
-import java.time.Duration;
-import java.util.List;
-import java.util.Map;
-import javax.validation.Valid;
-import javax.validation.constraints.DecimalMin;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-import org.whispersystems.textsecuregcm.util.ExactlySize;
-
-public class BoostConfiguration {
-
-  private final long level;
-  private final Duration expiration;
-  private final Map<String, List<BigDecimal>> currencies;
-  private final String badge;
-
-  @JsonCreator
-  public BoostConfiguration(
-      @JsonProperty("level") long level,
-      @JsonProperty("expiration") Duration expiration,
-      @JsonProperty("currencies") Map<String, List<BigDecimal>> currencies,
-      @JsonProperty("badge") String badge) {
-    this.level = level;
-    this.expiration = expiration;
-    this.currencies = currencies;
-    this.badge = badge;
-  }
-
-  public long getLevel() {
-    return level;
-  }
-
-  @NotNull
-  public Duration getExpiration() {
-    return expiration;
-  }
-
-  @Valid
-  @NotNull
-  public Map<@NotEmpty String, @Valid @ExactlySize(6) List<@DecimalMin("0.01") @NotNull BigDecimal>> getCurrencies() {
-    return currencies;
-  }
-
-  @NotEmpty
-  public String getBadge() {
-    return badge;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/BraintreeConfiguration.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import java.util.Map;
+import java.util.Set;
+import javax.validation.Valid;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+/**
+ * @param merchantId          the Braintree merchant ID
+ * @param publicKey           the Braintree API public key
+ * @param privateKey          the Braintree API private key
+ * @param environment         the Braintree environment ("production" or "sandbox")
+ * @param supportedCurrencies the set of supported currencies
+ * @param graphqlUrl          the Braintree GraphQL URl to use (this must match the environment)
+ * @param merchantAccounts    merchant account within the merchant for processing individual currencies
+ * @param circuitBreaker      configuration for the circuit breaker used by the GraphQL HTTP client
+ */
+public record BraintreeConfiguration(@NotBlank String merchantId,
+                                     @NotBlank String publicKey,
+                                     @NotBlank String privateKey,
+                                     @NotBlank String environment,
+                                     @NotEmpty Set<@NotBlank String> supportedCurrencies,
+                                     @NotBlank String graphqlUrl,
+                                     @NotEmpty Map<String, String> merchantAccounts,
+                                     @NotNull
+                                     @Valid
+                                     CircuitBreakerConfiguration circuitBreaker) {
+
+  public BraintreeConfiguration {
+    if (circuitBreaker == null) {
+      // It’s a little counter-intuitive, but this compact constructor allows a default value
+      // to be used when one isn’t specified (e.g. in YAML), allowing the field to still be
+      // validated as @NotNull
+      circuitBreaker = new CircuitBreakerConfiguration();
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/CircuitBreakerConfiguration.java

@@ -27,12 +27,17 @@ public class CircuitBreakerConfiguration {
   @JsonProperty
   @NotNull
   @Min(1)
-  private int ringBufferSizeInHalfOpenState = 10;
+  private int permittedNumberOfCallsInHalfOpenState = 10;
 
   @JsonProperty
   @NotNull
   @Min(1)
-  private int ringBufferSizeInClosedState = 100;
+  private int slidingWindowSize = 100;
+
+  @JsonProperty
+  @NotNull
+  @Min(1)
+  private int slidingWindowMinimumNumberOfCalls = 100;
 
   @JsonProperty
   @NotNull
@@ -47,28 +52,32 @@ public class CircuitBreakerConfiguration {
     return failureRateThreshold;
   }
 
-  public int getRingBufferSizeInHalfOpenState() {
-    return ringBufferSizeInHalfOpenState;
+  public int getPermittedNumberOfCallsInHalfOpenState() {
+    return permittedNumberOfCallsInHalfOpenState;
   }
 
-  public int getRingBufferSizeInClosedState() {
-    return ringBufferSizeInClosedState;
+  public int getSlidingWindowSize() {
+    return slidingWindowSize;
+  }
+
+  public int getSlidingWindowMinimumNumberOfCalls() {
+    return slidingWindowMinimumNumberOfCalls;
   }
 
   public long getWaitDurationInOpenStateInSeconds() {
     return waitDurationInOpenStateInSeconds;
   }
 
-  public List<Class> getIgnoredExceptions() {
-      return ignoredExceptions.stream()
-          .map(name -> {
-             try {
-               return Class.forName(name);
-             } catch (final ClassNotFoundException e) {
-               throw new RuntimeException(e);
-             }
-          })
-          .collect(Collectors.toList());
+  public List<Class<?>> getIgnoredExceptions() {
+    return ignoredExceptions.stream()
+        .map(name -> {
+          try {
+            return Class.forName(name);
+          } catch (final ClassNotFoundException e) {
+            throw new RuntimeException(e);
+          }
+        })
+        .collect(Collectors.toList());
   }
 
   @VisibleForTesting
@@ -77,13 +86,18 @@ public class CircuitBreakerConfiguration {
   }
 
   @VisibleForTesting
-  public void setRingBufferSizeInClosedState(int size) {
-    this.ringBufferSizeInClosedState = size;
+  public void setSlidingWindowSize(int size) {
+    this.slidingWindowSize = size;
   }
 
   @VisibleForTesting
-  public void setRingBufferSizeInHalfOpenState(int size) {
-    this.ringBufferSizeInHalfOpenState = size;
+  public void setSlidingWindowMinimumNumberOfCalls(int size) {
+    this.slidingWindowMinimumNumberOfCalls = size;
+  }
+
+  @VisibleForTesting
+  public void setPermittedNumberOfCallsInHalfOpenState(int size) {
+    this.permittedNumberOfCallsInHalfOpenState = size;
   }
 
   @VisibleForTesting
@@ -98,11 +112,12 @@ public class CircuitBreakerConfiguration {
 
   public CircuitBreakerConfig toCircuitBreakerConfig() {
     return CircuitBreakerConfig.custom()
-                        .failureRateThreshold(getFailureRateThreshold())
-                        .ignoreExceptions(getIgnoredExceptions().toArray(new Class[0]))
-                        .ringBufferSizeInHalfOpenState(getRingBufferSizeInHalfOpenState())
-                        .waitDurationInOpenState(Duration.ofSeconds(getWaitDurationInOpenStateInSeconds()))
-                        .ringBufferSizeInClosedState(getRingBufferSizeInClosedState())
-                        .build();
+        .failureRateThreshold(getFailureRateThreshold())
+        .ignoreExceptions(getIgnoredExceptions().toArray(new Class[0]))
+        .permittedNumberOfCallsInHalfOpenState(getPermittedNumberOfCallsInHalfOpenState())
+        .waitDurationInOpenState(Duration.ofSeconds(getWaitDurationInOpenStateInSeconds()))
+        .slidingWindow(getSlidingWindowSize(), getSlidingWindowMinimumNumberOfCalls(),
+            CircuitBreakerConfig.SlidingWindowType.COUNT_BASED)
+        .build();
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DirectoryServerConfiguration.java

@@ -5,7 +5,9 @@
 package org.whispersystems.textsecuregcm.configuration;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
+import java.util.List;
 
 public class DirectoryServerConfiguration {
 
@@ -23,7 +25,7 @@ public class DirectoryServerConfiguration {
 
   @NotEmpty
   @JsonProperty
-  private String replicationCaCertificate;
+  private List<@NotBlank String> replicationCaCertificates;
 
   public String getReplicationName() {
     return replicationName;
@@ -37,8 +39,8 @@ public class DirectoryServerConfiguration {
     return replicationPassword;
   }
 
-  public String getReplicationCaCertificate() {
-    return replicationCaCertificate;
+  public List<String> getReplicationCaCertificates() {
+    return replicationCaCertificates;
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DirectoryV2ClientConfiguration.java

@@ -11,11 +11,14 @@ import org.whispersystems.textsecuregcm.util.ExactlySize;
 public class DirectoryV2ClientConfiguration {
 
   private final byte[] userAuthenticationTokenSharedSecret;
+  private final byte[] userIdTokenSharedSecret;
 
   @JsonCreator
   public DirectoryV2ClientConfiguration(
-      @JsonProperty("userAuthenticationTokenSharedSecret") final byte[] userAuthenticationTokenSharedSecret) {
+      @JsonProperty("userAuthenticationTokenSharedSecret") final byte[] userAuthenticationTokenSharedSecret,
+      @JsonProperty("userIdTokenSharedSecret") final byte[] userIdTokenSharedSecret) {
     this.userAuthenticationTokenSharedSecret = userAuthenticationTokenSharedSecret;
+    this.userIdTokenSharedSecret = userIdTokenSharedSecret;
   }
 
   @ExactlySize({32})
@@ -23,4 +26,8 @@ public class DirectoryV2ClientConfiguration {
     return userAuthenticationTokenSharedSecret;
   }
 
+  @ExactlySize({32})
+  public byte[] getUserIdTokenSharedSecret() {
+    return userIdTokenSharedSecret;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DonationConfiguration.java

@@ -1,78 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.google.common.annotations.VisibleForTesting;
-import java.util.Set;
-import javax.validation.Valid;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-
-public class DonationConfiguration {
-
-  private String uri;
-  private String description;
-  private Set<String> supportedCurrencies;
-  private CircuitBreakerConfiguration circuitBreaker = new CircuitBreakerConfiguration();
-  private RetryConfiguration retry = new RetryConfiguration();
-
-  @JsonProperty
-  @NotEmpty
-  public String getUri() {
-    return uri;
-  }
-
-  @VisibleForTesting
-  public void setUri(final String uri) {
-    this.uri = uri;
-  }
-
-  @JsonProperty
-  public String getDescription() {
-    return description;
-  }
-
-  @VisibleForTesting
-  public void setDescription(final String description) {
-    this.description = description;
-  }
-
-  @JsonProperty
-  @NotEmpty
-  public Set<String> getSupportedCurrencies() {
-    return supportedCurrencies;
-  }
-
-  @VisibleForTesting
-  public void setSupportedCurrencies(final Set<String> supportedCurrencies) {
-    this.supportedCurrencies = supportedCurrencies;
-  }
-
-  @JsonProperty
-  @NotNull
-  @Valid
-  public CircuitBreakerConfiguration getCircuitBreaker() {
-    return circuitBreaker;
-  }
-
-  @VisibleForTesting
-  public void setCircuitBreaker(final CircuitBreakerConfiguration circuitBreaker) {
-    this.circuitBreaker = circuitBreaker;
-  }
-
-  @JsonProperty
-  @NotNull
-  @Valid
-  public RetryConfiguration getRetry() {
-    return retry;
-  }
-
-  @VisibleForTesting
-  public void setRetry(final RetryConfiguration retry) {
-    this.retry = retry;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/FcmConfiguration.java

@@ -0,0 +1,11 @@
+/*
+ * Copyright 2013-2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import javax.validation.constraints.NotBlank;
+
+public record FcmConfiguration(@NotBlank String credentials) {
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/GcmConfiguration.java

@@ -1,29 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-
-public class GcmConfiguration {
-
-  @NotNull
-  @JsonProperty
-  private long senderId;
-
-  @NotEmpty
-  @JsonProperty
-  private String apiKey;
-
-  public String getApiKey() {
-    return apiKey;
-  }
-
-  public long getSenderId() {
-    return senderId;
-  }
-
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/HCaptchaConfiguration.java

@@ -0,0 +1,11 @@
+/*
+ * Copyright 2021-2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import javax.validation.constraints.NotBlank;
+
+public record HCaptchaConfiguration(@NotBlank String apiKey) {
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/OneTimeDonationConfiguration.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import java.time.Duration;
+import java.util.Map;
+import javax.validation.Valid;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Positive;
+
+/**
+ * @param boost      configuration for individual donations
+ * @param gift       configuration for gift donations
+ * @param currencies map of lower-cased ISO 3 currency codes and the suggested donation amounts in that currency
+ */
+public record OneTimeDonationConfiguration(@Valid ExpiringLevelConfiguration boost,
+                                           @Valid ExpiringLevelConfiguration gift,
+                                           Map<String, @Valid OneTimeDonationCurrencyConfiguration> currencies) {
+
+  /**
+   * @param badge      the numeric donation level ID
+   * @param level      the badge ID associated with the level
+   * @param expiration the duration after which the level expires
+   */
+  public record ExpiringLevelConfiguration(@NotEmpty String badge, @Positive long level, Duration expiration) {
+
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/OneTimeDonationCurrencyConfiguration.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import java.math.BigDecimal;
+import java.util.List;
+import javax.validation.Valid;
+import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.util.ExactlySize;
+
+/**
+ * One-time donation configuration for a given currency
+ *
+ * @param minimum the minimum amount permitted to be charged in this currency
+ * @param gift    the suggested gift donation amount
+ * @param boosts  the list of suggested one-time donation amounts
+ */
+public record OneTimeDonationCurrencyConfiguration(
+    @NotNull @DecimalMin("0.01") BigDecimal minimum,
+    @NotNull @DecimalMin("0.01") BigDecimal gift,
+    @Valid
+    @ExactlySize(6)
+    @NotNull
+    List<@NotNull @DecimalMin("0.01") BigDecimal> boosts) {
+
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/PaymentsServiceConfiguration.java

@@ -9,8 +9,10 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
 
+import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 import java.util.List;
+import java.util.Map;
 
 public class PaymentsServiceConfiguration {
 
@@ -18,6 +20,14 @@ public class PaymentsServiceConfiguration {
   @JsonProperty
   private String userAuthenticationTokenSharedSecret;
 
+  @NotBlank
+  @JsonProperty
+  private String coinMarketCapApiKey;
+
+  @JsonProperty
+  @NotEmpty
+  private Map<@NotBlank String, Integer> coinMarketCapCurrencyIds;
+
   @NotEmpty
   @JsonProperty
   private String fixerApiKey;
@@ -30,6 +40,14 @@ public class PaymentsServiceConfiguration {
     return Hex.decodeHex(userAuthenticationTokenSharedSecret.toCharArray());
   }
 
+  public String getCoinMarketCapApiKey() {
+    return coinMarketCapApiKey;
+  }
+
+  public Map<String, Integer> getCoinMarketCapCurrencyIds() {
+    return coinMarketCapCurrencyIds;
+  }
+
   public String getFixerApiKey() {
     return fixerApiKey;
   }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/PushConfiguration.java

@@ -1,20 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import javax.validation.constraints.Min;
-
-public class PushConfiguration {
-
-  @JsonProperty
-  @Min(0)
-  private int queueSize = 200;
-
-  public int getQueueSize() {
-    return queueSize;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/RateLimitsConfiguration.java

@@ -5,7 +5,6 @@
 package org.whispersystems.textsecuregcm.configuration;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
-import java.time.Duration;
 
 public class RateLimitsConfiguration {
 
@@ -37,7 +36,7 @@ public class RateLimitsConfiguration {
   private RateLimitConfiguration attachments = new RateLimitConfiguration(50, 50);
 
   @JsonProperty
-  private RateLimitConfiguration prekeys = new RateLimitConfiguration(3, 1.0 / 10.0);
+  private RateLimitConfiguration prekeys = new RateLimitConfiguration(6, 1.0 / 10.0);
 
   @JsonProperty
   private RateLimitConfiguration messages = new RateLimitConfiguration(60, 60);
@@ -46,7 +45,7 @@ public class RateLimitsConfiguration {
   private RateLimitConfiguration allocateDevice = new RateLimitConfiguration(2, 1.0 / 2.0);
 
   @JsonProperty
-  private RateLimitConfiguration verifyDevice = new RateLimitConfiguration(2, 2);
+  private RateLimitConfiguration verifyDevice = new RateLimitConfiguration(6, 1.0 / 10.0);
 
   @JsonProperty
   private RateLimitConfiguration turnAllocations = new RateLimitConfiguration(60, 60);
@@ -57,15 +56,24 @@ public class RateLimitsConfiguration {
   @JsonProperty
   private RateLimitConfiguration stickerPack = new RateLimitConfiguration(50, 20 / (24.0 * 60.0));
 
+  @JsonProperty
+  private RateLimitConfiguration artPack = new RateLimitConfiguration(50, 20 / (24.0 * 60.0));
+
   @JsonProperty
   private RateLimitConfiguration usernameLookup = new RateLimitConfiguration(100, 100 / (24.0 * 60.0));
 
   @JsonProperty
   private RateLimitConfiguration usernameSet = new RateLimitConfiguration(100, 100 / (24.0 * 60.0));
 
+  @JsonProperty
+  private RateLimitConfiguration usernameReserve = new RateLimitConfiguration(100, 100 / (24.0 * 60.0));
+
   @JsonProperty
   private RateLimitConfiguration checkAccountExistence = new RateLimitConfiguration(1_000, 1_000 / 60.0);
 
+  @JsonProperty
+  private RateLimitConfiguration stories = new RateLimitConfiguration(10_000, 10_000 / (24.0 * 60.0));
+
   public RateLimitConfiguration getAutoBlock() {
     return autoBlock;
   }
@@ -130,6 +138,10 @@ public class RateLimitsConfiguration {
     return stickerPack;
   }
 
+  public RateLimitConfiguration getArtPack() {
+    return artPack;
+  }
+
   public RateLimitConfiguration getUsernameLookup() {
     return usernameLookup;
   }
@@ -138,10 +150,16 @@ public class RateLimitsConfiguration {
     return usernameSet;
   }
 
+  public RateLimitConfiguration getUsernameReserve() {
+    return usernameReserve;
+  }
+
   public RateLimitConfiguration getCheckAccountExistence() {
     return checkAccountExistence;
   }
 
+  public RateLimitConfiguration getStories() { return stories; }
+
   public static class RateLimitConfiguration {
     @JsonProperty
     private int bucketSize;
@@ -164,28 +182,4 @@ public class RateLimitsConfiguration {
       return leakRatePerMinute;
     }
   }
-
-  public static class CardinalityRateLimitConfiguration {
-    @JsonProperty
-    private int maxCardinality;
-
-    @JsonProperty
-    private Duration ttl;
-
-    public CardinalityRateLimitConfiguration() {
-    }
-
-    public CardinalityRateLimitConfiguration(int maxCardinality, Duration ttl) {
-      this.maxCardinality = maxCardinality;
-      this.ttl = ttl;
-    }
-
-    public int getMaxCardinality() {
-      return maxCardinality;
-    }
-
-    public Duration getTtl() {
-      return ttl;
-    }
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/RecaptchaConfiguration.java

@@ -1,21 +1,24 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2021-2022 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
 package org.whispersystems.textsecuregcm.configuration;
 
-import com.fasterxml.jackson.annotation.JsonProperty;
 import javax.validation.constraints.NotEmpty;
 
 public class RecaptchaConfiguration {
 
-  @JsonProperty
-  @NotEmpty
-  private String secret;
+  private String projectPath;
+  private String credentialConfigurationJson;
 
-  public String getSecret() {
-    return secret;
+  @NotEmpty
+  public String getProjectPath() {
+    return projectPath;
   }
 
+  @NotEmpty
+  public String getCredentialConfigurationJson() {
+    return credentialConfigurationJson;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/RecaptchaV2Configuration.java

@@ -1,42 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import java.math.BigDecimal;
-import javax.validation.constraints.DecimalMax;
-import javax.validation.constraints.DecimalMin;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-
-public class RecaptchaV2Configuration {
-
-  private BigDecimal scoreFloor;
-  private String projectPath;
-  private String siteKey;
-  private String credentialConfigurationJson;
-
-  @DecimalMin("0")
-  @DecimalMax("1")
-  @NotNull
-  public BigDecimal getScoreFloor() {
-    return scoreFloor;
-  }
-
-  @NotEmpty
-  public String getProjectPath() {
-    return projectPath;
-  }
-
-  @NotEmpty
-  public String getSiteKey() {
-    return siteKey;
-  }
-
-  @NotEmpty
-  public String getCredentialConfigurationJson() {
-    return credentialConfigurationJson;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/RegistrationServiceConfiguration.java

@@ -0,0 +1,49 @@
+package org.whispersystems.textsecuregcm.configuration;
+
+import javax.validation.constraints.NotBlank;
+
+public class RegistrationServiceConfiguration {
+
+  @NotBlank
+  private String host;
+
+  private int port = 443;
+
+  @NotBlank
+  private String apiKey;
+
+  @NotBlank
+  private String registrationCaCertificate;
+
+  public String getHost() {
+    return host;
+  }
+
+  public void setHost(final String host) {
+    this.host = host;
+  }
+
+  public int getPort() {
+    return port;
+  }
+
+  public void setPort(final int port) {
+    this.port = port;
+  }
+
+  public String getApiKey() {
+    return apiKey;
+  }
+
+  public void setApiKey(final String apiKey) {
+    this.apiKey = apiKey;
+  }
+
+  public String getRegistrationCaCertificate() {
+    return registrationCaCertificate;
+  }
+
+  public void setRegistrationCaCertificate(final String registrationCaCertificate) {
+    this.registrationCaCertificate = registrationCaCertificate;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SecureBackupServiceConfiguration.java

@@ -13,6 +13,7 @@ import javax.validation.constraints.NotNull;
 import com.google.common.annotations.VisibleForTesting;
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
+import java.util.List;
 
 public class SecureBackupServiceConfiguration {
 
@@ -24,9 +25,9 @@ public class SecureBackupServiceConfiguration {
   @JsonProperty
   private String uri;
 
-  @NotBlank
+  @NotEmpty
   @JsonProperty
-  private String backupCaCertificate;
+  private List<@NotBlank String> backupCaCertificates;
 
   @NotNull
   @Valid
@@ -52,12 +53,12 @@ public class SecureBackupServiceConfiguration {
   }
 
   @VisibleForTesting
-  public void setBackupCaCertificate(final String backupCaCertificate) {
-    this.backupCaCertificate = backupCaCertificate;
+  public void setBackupCaCertificates(final List<String> backupCaCertificates) {
+    this.backupCaCertificates = backupCaCertificates;
   }
 
-  public String getBackupCaCertificate() {
-    return backupCaCertificate;
+  public List<String> getBackupCaCertificates() {
+    return backupCaCertificates;
   }
 
   public CircuitBreakerConfiguration getCircuitBreakerConfiguration() {

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SecureStorageServiceConfiguration.java

@@ -13,6 +13,7 @@ import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
+import java.util.List;
 
 public class SecureStorageServiceConfiguration {
 
@@ -24,9 +25,9 @@ public class SecureStorageServiceConfiguration {
   @JsonProperty
   private String uri;
 
-  @NotBlank
+  @NotEmpty
   @JsonProperty
-  private String storageCaCertificate;
+  private List<@NotBlank String> storageCaCertificates;
 
   @NotNull
   @Valid
@@ -52,12 +53,12 @@ public class SecureStorageServiceConfiguration {
   }
 
   @VisibleForTesting
-  public void setStorageCaCertificate(final String certificatePem) {
-    this.storageCaCertificate = certificatePem;
+  public void setStorageCaCertificates(final List<String> certificatePem) {
+    this.storageCaCertificates = certificatePem;
   }
 
-  public String getStorageCaCertificate() {
-    return storageCaCertificate;
+  public List<String> getStorageCaCertificates() {
+    return storageCaCertificates;
   }
 
   public CircuitBreakerConfiguration getCircuitBreakerConfiguration() {

service/src/main/java/org/whispersystems/textsecuregcm/configuration/StripeConfiguration.java

@@ -5,38 +5,13 @@
 
 package org.whispersystems.textsecuregcm.configuration;
 
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.Set;
+import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 
-public class StripeConfiguration {
+public record StripeConfiguration(@NotBlank String apiKey,
+                                  @NotEmpty byte[] idempotencyKeyGenerator,
+                                  @NotBlank String boostDescription,
+                                  @NotEmpty Set<@NotBlank String> supportedCurrencies) {
 
-  private final String apiKey;
-  private final byte[] idempotencyKeyGenerator;
-  private final String boostDescription;
-
-  @JsonCreator
-  public StripeConfiguration(
-      @JsonProperty("apiKey") final String apiKey,
-      @JsonProperty("idempotencyKeyGenerator") final byte[] idempotencyKeyGenerator,
-      @JsonProperty("boostDescription") final String boostDescription) {
-    this.apiKey = apiKey;
-    this.idempotencyKeyGenerator = idempotencyKeyGenerator;
-    this.boostDescription = boostDescription;
-  }
-
-  @NotEmpty
-  public String getApiKey() {
-    return apiKey;
-  }
-
-  @NotEmpty
-  public byte[] getIdempotencyKeyGenerator() {
-    return idempotencyKeyGenerator;
-  }
-
-  @NotEmpty
-  public String getBoostDescription() {
-    return boostDescription;
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SubscriptionLevelConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 Signal Messenger, LLC
+ * Copyright 2021-2022 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
@@ -15,16 +15,13 @@ import javax.validation.constraints.NotNull;
 public class SubscriptionLevelConfiguration {
 
   private final String badge;
-  private final String product;
   private final Map<String, SubscriptionPriceConfiguration> prices;
 
   @JsonCreator
   public SubscriptionLevelConfiguration(
       @JsonProperty("badge") @NotEmpty String badge,
-      @JsonProperty("product") @NotEmpty String product,
       @JsonProperty("prices") @Valid Map<@NotEmpty String, @NotNull @Valid SubscriptionPriceConfiguration> prices) {
     this.badge = badge;
-    this.product = product;
     this.prices = prices;
   }
 
@@ -32,10 +29,6 @@ public class SubscriptionLevelConfiguration {
     return badge;
   }
 
-  public String getProduct() {
-    return product;
-  }
-
   public Map<String, SubscriptionPriceConfiguration> getPrices() {
     return prices;
   }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SubscriptionPriceConfiguration.java

@@ -5,31 +5,16 @@
 
 package org.whispersystems.textsecuregcm.configuration;
 
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import java.math.BigDecimal;
+import java.util.Map;
+import javax.validation.Valid;
 import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.subscriptions.SubscriptionProcessor;
 
-public class SubscriptionPriceConfiguration {
+public record SubscriptionPriceConfiguration(@Valid @NotEmpty Map<SubscriptionProcessor, @NotBlank String> processorIds,
+                                             @NotNull @DecimalMin("0.01") BigDecimal amount) {
 
-  private final String id;
-  private final BigDecimal amount;
-
-  @JsonCreator
-  public SubscriptionPriceConfiguration(
-      @JsonProperty("id") @NotEmpty String id,
-      @JsonProperty("amount") @NotNull @DecimalMin("0.01") BigDecimal amount) {
-    this.id = id;
-    this.amount = amount;
-  }
-
-  public String getId() {
-    return id;
-  }
-
-  public BigDecimal getAmount() {
-    return amount;
-  }
 }