Update to latest version of the spam module

* wip removing groups v2 capabilities

* comments

* finish removing groups v2 references

* hardcode gv1migration flag on user capability, remove other references

.github/workflows/test.yml

@@ -5,14 +5,19 @@ on: [push]
 jobs:
   build:
     runs-on: ubuntu-latest
+    container: ubuntu:22.04
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
       - name: Set up JDK 17
-        uses: actions/setup-java@3bc31aaf88e8fc94dc1e632d48af61be5ca8721c
+        uses: actions/setup-java@de1bb2b0c5634f0fc4438d7aa9944e68f9bf86cc # v3.6.0
         with:
           distribution: 'temurin'
           java-version: 17
           cache: 'maven'
+        env:
+          # work around an issue with actions/runner setting an incorrect HOME in containers, which breaks maven caching
+          # https://github.com/actions/setup-java/issues/356
+          HOME: /root
       - name: Build with Maven
-        run: mvn -e -B verify
+        run: ./mvnw -e -B verify

.gitignore

@@ -16,6 +16,7 @@ config/deploy.properties
 /service/config/testing.yml
 /service/config/deploy.properties
 /service/dependency-reduced-pom.xml
+.java-version
 .opsmanage
 put.sh
 deployer-staging.properties
@@ -25,4 +26,6 @@ deployer.log
 !/service/src/main/resources/org/signal/badges/Badges_en.properties
 /service/src/main/resources/org/signal/subscriptions/Subscriptions_*.properties
 !/service/src/main/resources/org/signal/subscriptions/Subscriptions_en.properties
-/.tx/config
+.project
+.classpath
+.settings

.mvn/wrapper/maven-wrapper.properties

@@ -5,14 +5,14 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
-# 
+#
 #   https://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.5/apache-maven-3.8.5-bin.zip
-wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar

event-logger/pom.xml

@@ -24,7 +24,16 @@
     <dependency>
       <groupId>org.jetbrains.kotlin</groupId>
       <artifactId>kotlin-stdlib</artifactId>
-      <version>${kotlin.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.jetbrains</groupId>
+          <!--
+              depends on an outdated version (13.0) for JDK 6 compatibility, but it’s safe to override
+              https://youtrack.jetbrains.com/issue/KT-25047
+          -->
+          <artifactId>annotations</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.jetbrains.kotlinx</groupId>

event-logger/src/test/kotlin/org/signal/event/GoogleCloudAdminEventLoggerTest.kt

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2023 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.signal.event
+
+import com.google.cloud.logging.Logging
+import org.junit.jupiter.api.Test
+import org.mockito.Mockito.mock
+
+class GoogleCloudAdminEventLoggerTest {
+
+    @Test
+    fun logEvent() {
+        val logging = mock(Logging::class.java)
+        val logger = GoogleCloudAdminEventLogger(logging, "my-project", "test")
+
+        val event = RemoteConfigDeleteEvent("token", "test")
+        logger.logEvent(event)
+    }
+}

pom.xml

@@ -42,29 +42,31 @@
   </modules>
 
   <properties>
-    <aws.sdk.version>1.12.287</aws.sdk.version>
-    <aws.sdk2.version>2.17.258</aws.sdk2.version>
+    <aws.sdk.version>1.12.376</aws.sdk.version>
+    <aws.sdk2.version>2.19.8</aws.sdk2.version>
+    <braintree.version>3.19.0</braintree.version>
     <commons-codec.version>1.15</commons-codec.version>
-    <commons-csv.version>1.8</commons-csv.version>
+    <commons-csv.version>1.9.0</commons-csv.version>
     <commons-io.version>2.9.0</commons-io.version>
-    <dropwizard.version>2.0.32</dropwizard.version>
+    <dropwizard.version>2.0.34</dropwizard.version>
     <dropwizard-metrics-datadog.version>1.1.13</dropwizard-metrics-datadog.version>
+    <google-cloud-libraries.version>26.1.3</google-cloud-libraries.version>
+    <grpc.version>1.51.1</grpc.version> <!-- this should be kept in sync with the value from Google’s libraries-bom -->
     <gson.version>2.9.0</gson.version>
-    <guava.version>30.1.1-jre</guava.version>
-    <jackson.version>2.13.3</jackson.version>
+    <jackson.version>2.13.4</jackson.version>
     <jaxb.version>2.3.1</jaxb.version>
     <jedis.version>2.9.0</jedis.version>
-    <kotlin.version>1.7.10</kotlin.version>
-    <kotlinx-serialization.version>1.4.0</kotlinx-serialization.version>
-    <lettuce.version>6.1.9.RELEASE</lettuce.version>
+    <kotlin.version>1.8.0</kotlin.version>
+    <kotlinx-serialization.version>1.4.1</kotlinx-serialization.version>
+    <lettuce.version>6.2.1.RELEASE</lettuce.version>
     <libphonenumber.version>8.12.54</libphonenumber.version>
-    <logstash.logback.version>7.0.1</logstash.logback.version>
-    <micrometer.version>1.9.3</micrometer.version>
-    <mockito.version>4.7.0</mockito.version>
-    <netty.version>4.1.79.Final</netty.version>
+    <logstash.logback.version>7.2</logstash.logback.version>
+    <micrometer.version>1.10.3</micrometer.version>
+    <mockito.version>4.11.0</mockito.version>
+    <netty.version>4.1.82.Final</netty.version>
     <opentest4j.version>1.2.0</opentest4j.version>
-    <protobuf.version>3.19.4</protobuf.version>
-    <pushy.version>0.15.1</pushy.version>
+    <protobuf.version>3.21.7</protobuf.version>
+    <pushy.version>0.15.2</pushy.version>
     <resilience4j.version>1.7.0</resilience4j.version>
     <semver4j.version>3.1.0</semver4j.version>
     <slf4j.version>1.7.30</slf4j.version>
@@ -83,7 +85,7 @@
       <dependency>
         <groupId>com.fasterxml.jackson</groupId>
         <artifactId>jackson-bom</artifactId>
-        <version>2.13.3</version>
+        <version>${jackson.version}</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -94,6 +96,13 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <!-- Needed for gRPC with Java 9+ -->
+      <dependency>
+        <groupId>org.apache.tomcat</groupId>
+        <artifactId>annotations-api</artifactId>
+        <version>6.0.53</version>
+        <scope>provided</scope>
+      </dependency>
       <dependency>
         <groupId>io.netty</groupId>
         <artifactId>netty-bom</artifactId>
@@ -118,7 +127,7 @@
       <dependency>
         <groupId>com.google.cloud</groupId>
         <artifactId>libraries-bom</artifactId>
-        <version>20.9.0</version>
+        <version>${google-cloud-libraries.version}</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -137,13 +146,19 @@
         <scope>import</scope>
       </dependency>
       <dependency>
-        <groupId>com.google.cloud</groupId>
-        <artifactId>libraries-bom</artifactId>
-        <version>26.1.0</version>
+        <groupId>io.projectreactor</groupId>
+        <artifactId>reactor-bom</artifactId>
+        <version>2020.0.24</version> <!-- 3.4.x, see https://github.com/reactor/reactor#bom-versioning-scheme -->
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.jetbrains.kotlin</groupId>
+        <artifactId>kotlin-bom</artifactId>
+        <version>${kotlin.version}</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
-
       <dependency>
         <groupId>com.eatthepath</groupId>
         <artifactId>pushy</artifactId>
@@ -154,11 +169,6 @@
         <artifactId>pushy-dropwizard-metrics-listener</artifactId>
         <version>${pushy.version}</version>
       </dependency>
-      <dependency>
-        <groupId>com.google.guava</groupId>
-        <artifactId>guava</artifactId>
-        <version>${guava.version}</version>
-      </dependency>
       <dependency>
         <groupId>com.google.protobuf</groupId>
         <artifactId>protobuf-java</artifactId>
@@ -270,6 +280,11 @@
         <artifactId>stripe-java</artifactId>
         <version>${stripe.version}</version>
       </dependency>
+      <dependency>
+        <groupId>com.braintreepayments.gateway</groupId>
+        <artifactId>braintree-java</artifactId>
+        <version>${braintree.version}</version>
+      </dependency>
       <dependency>
         <groupId>com.google.code.gson</groupId>
         <artifactId>gson</artifactId>
@@ -284,7 +299,7 @@
       <dependency>
         <groupId>org.signal</groupId>
         <artifactId>libsignal-server</artifactId>
-        <version>0.18.0</version>
+        <version>0.21.1</version>
       </dependency>
       <dependency>
         <groupId>org.apache.logging.log4j</groupId>
@@ -306,7 +321,7 @@
     <dependency>
       <groupId>com.github.tomakehurst</groupId>
       <artifactId>wiremock-jre8</artifactId>
-      <version>2.33.2</version>
+      <version>2.35.0</version>
       <scope>test</scope>
       <exclusions>
         <exclusion>
@@ -335,6 +350,12 @@
       <artifactId>junit-jupiter-api</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.junit-pioneer</groupId>
+      <artifactId>junit-pioneer</artifactId>
+      <version>1.9.1</version>
+      <scope>test</scope>
+    </dependency>
 
   </dependencies>
 
@@ -376,13 +397,16 @@
         <artifactId>protobuf-maven-plugin</artifactId>
         <version>0.6.1</version>
         <configuration>
-          <protocArtifact>com.google.protobuf:protoc:3.18.0:exe:${os.detected.classifier}</protocArtifact>
-          <checkStaleness>true</checkStaleness>
+          <checkStaleness>false</checkStaleness>
+          <protocArtifact>com.google.protobuf:protoc:3.21.1:exe:${os.detected.classifier}</protocArtifact>
+          <pluginId>grpc-java</pluginId>
+          <pluginArtifact>io.grpc:protoc-gen-grpc-java:${grpc.version}:exe:${os.detected.classifier}</pluginArtifact>
         </configuration>
         <executions>
           <execution>
             <goals>
               <goal>compile</goal>
+              <goal>compile-custom</goal>
               <goal>test-compile</goal>
             </goals>
           </execution>
@@ -458,7 +482,7 @@
               <rules>
                 <dependencyConvergence/>
                 <requireMavenVersion>
-                  <version>3.8.3</version>
+                  <version>3.8.6</version>
                 </requireMavenVersion>
               </rules>
             </configuration>

service/config/sample.yml

@@ -15,6 +15,25 @@ stripe:
   idempotencyKeyGenerator: abcdefg12345678= # base64 for creating request idempotency hash
   boostDescription: >
     Example
+  supportedCurrencies:
+    - xts
+  # - ...
+  # - Nth supported currency
+
+
+braintree:
+  merchantId: unset
+  publicKey: unset
+  privateKey: unset
+  environment: unset
+  graphqlUrl: unset
+  merchantAccounts:
+    # ISO 4217 currency code and its corresponding sub-merchant account
+    'xts': unset
+  supportedCurrencies:
+    - xts
+  # - ...
+  # - Nth supported currency
 
 dynamoDbClientConfiguration:
   region: us-west-2 # AWS Region
@@ -62,29 +81,6 @@ dynamoDbTables:
   subscriptions:
     tableName: Example_Subscriptions
 
-twilio: # Twilio gateway configuration
-  accountId: unset
-  accountToken: unset
-  nanpaMessagingServiceSid: unset # Twilio SID for the messaging service to use for NANPA.
-  messagingServiceSid: unset # Twilio SID for the message service to use for non-NANPA.
-  verifyServiceSid: unset # Twilio SID for a Verify service
-  localDomain: example.com # Domain Twilio can connect back to for calls. Should be domain of your service.
-  defaultClientVerificationTexts:
-    ios: example %1$s # Text to use for the verification message on iOS. Will be passed to String.format with the verification code as argument 1.
-    androidNg: example %1$s # Text to use for the verification message on android-ng client types. Will be passed to String.format with the verification code as argument 1.
-    android202001: example %1$s # Text to use for the verification message on android-2020-01 client types. Will be passed to String.format with the verification code as argument 1.
-    android202103: example %1$s # Text to use for the verification message on android-2021-03 client types. Will be passed to String.format with the verification code as argument 1.
-    generic: example %1$s # Text to use when the client type is unrecognized. Will be passed to String.format with the verification code as argument 1.
-  regionalClientVerificationTexts: # Map of country codes to custom texts
-    999: # example country code
-      ios: example %1$s # all keys from defaultClientVerificationTexts are required
-      androidNg: example %1$s
-      android202001: example %1$s
-      android202103: example %1$s
-      generic: example %1$s
-  androidAppHash: example # Hash appended to Android
-  verifyServiceFriendlyName: example # Service name used in template. Requires Twilio account rep to enable
-
 cacheCluster: # Redis server configuration for cache cluster
   configurationUri: redis://redis.example.com:6379/
 
@@ -115,28 +111,29 @@ directory:
     - replicationName: example           # CDS replication name
       replicationUrl: cds.example.com    # CDS replication endpoint base url
       replicationPassword: example       # CDS replication endpoint password
-      replicationCaCertificate: |        # CDS replication endpoint TLS certificate trust root
-        -----BEGIN CERTIFICATE-----
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-        AAAAAAAAAAAAAAAAAAAA
-        -----END CERTIFICATE-----
+      replicationCaCertificates:         # CDS replication endpoint TLS certificate trust root
+        - |
+          -----BEGIN CERTIFICATE-----
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+          AAAAAAAAAAAAAAAAAAAA
+          -----END CERTIFICATE-----
 
 directoryV2:
   client: # Configuration for interfacing with Contact Discovery Service v2 cluster
@@ -237,57 +234,62 @@ recaptcha:
   projectPath: projects/example
   credentialConfigurationJson: "{ }" # service account configuration for backend authentication
 
+hCaptcha:
+  apiKey: unset
+
 storageService:
   uri: storage.example.com
   userAuthenticationTokenSharedSecret: 00000f
-  storageCaCertificate: |
-    -----BEGIN CERTIFICATE-----
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    AAAAAAAAAAAAAAAAAAAA
-    -----END CERTIFICATE-----
+  storageCaCertificates:
+    - |
+      -----BEGIN CERTIFICATE-----
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      AAAAAAAAAAAAAAAAAAAA
+      -----END CERTIFICATE-----
 
 backupService:
   uri: backup.example.com
   userAuthenticationTokenSharedSecret: 00000f
-  backupCaCertificate: |
-    -----BEGIN CERTIFICATE-----
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
-    AAAAAAAAAAAAAAAAAAAA
-    -----END CERTIFICATE-----
+  backupCaCertificates:
+    - |
+      -----BEGIN CERTIFICATE-----
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+      AAAAAAAAAAAAAAAAAAAA
+      -----END CERTIFICATE-----
 
 zkConfig:
   serverPublic: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
@@ -310,17 +312,16 @@ remoteConfig:
 paymentsService:
   userAuthenticationTokenSharedSecret: 0000000f0000000f0000000f0000000f0000000f0000000f0000000f0000000f # hex-encoded 32-byte secret shared with MobileCoin services used to generate auth tokens for Signal users
   fixerApiKey: unset
+  coinMarketCapApiKey: unset
+  coinMarketCapCurrencyIds:
+    MOB: 7878
   paymentCurrencies:
     # list of symbols for supported currencies
     - MOB
 
-donation:
-  uri: donation.example.com # value
-  supportedCurrencies:
-    - # 1st supported currency
-    - # 2nd supported currency
-    - # ...
-    - # Nth supported currency
+artService:
+  userAuthenticationTokenSharedSecret: 0000000f0000000f0000000f0000000f0000000f0000000f0000000f0000000f # hex-encoded 32-byte secret not shared with any external service, but used in ArtController
+  userAuthenticationTokenUserIdSecret: 00000f # hex-encoded secret to obscure user phone numbers from Sticker Creator
 
 badges:
   badges:
@@ -351,26 +352,54 @@ subscription: # configuration for Stripe subscriptions
         # list of ISO 4217 currency codes and amounts for the given badge level
         xts:
           amount: '10'
-          id: price_example # stripe ID
+          processorIds:
+            STRIPE: price_example   # stripe Price ID
+            BRAINTREE: plan_example # braintree Plan ID
 
-boost:
-  level: 1
-  expiration: P90D
-  badge: EXAMPLE
+oneTimeDonations:
+  boost:
+    level: 1
+    expiration: P90D
+    badge: EXAMPLE
+  gift:
+    level: 10
+    expiration: P90D
+    badge: EXAMPLE
   currencies:
     # ISO 4217 currency codes and amounts in those currencies
     xts:
-      - '1'
-      - '2'
-      - '4'
-      - '8'
-      - '20'
-      - '40'
+      minimum: '0.5'
+      gift: '2'
+      boosts:
+        - '1'
+        - '2'
+        - '4'
+        - '8'
+        - '20'
+        - '40'
 
-gift:
-  level: 10
-  expiration: P90D
-  badge: EXAMPLE
-  currencies:
-    # ISO 4217 currency codes and amounts in those currencies
-    xts: '2'
+registrationService:
+  host: registration.example.com
+  apiKey: EXAMPLE
+  registrationCaCertificate: | # Registration service TLS certificate trust root
+    -----BEGIN CERTIFICATE-----
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz
+    AAAAAAAAAAAAAAAAAAAA
+    -----END CERTIFICATE-----

service/pom.xml

@@ -185,34 +185,7 @@
     <dependency>
       <groupId>com.google.firebase</groupId>
       <artifactId>firebase-admin</artifactId>
-      <version>9.0.0</version>
-
-      <!-- firebase-admin has conflicting versions of these artifacts in its dependency tree; for firebase-admin
-      9.0.0, we'll need to depend directly on com.google.api-client:google-api-client:1.35.1 and
-      com.google.oauth-client:google-oauth-client:1.34.1 -->
-      <exclusions>
-        <exclusion>
-          <groupId>com.google.api-client</groupId>
-          <artifactId>google-api-client</artifactId>
-        </exclusion>
-
-        <exclusion>
-          <groupId>com.google.oauth-client</groupId>
-          <artifactId>google-oauth-client</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-
-    <dependency>
-      <groupId>com.google.api-client</groupId>
-      <artifactId>google-api-client</artifactId>
-      <version>1.35.1</version>
-    </dependency>
-
-    <dependency>
-      <groupId>com.google.oauth-client</groupId>
-      <artifactId>google-oauth-client</artifactId>
-      <version>1.34.1</version>
+      <version>9.1.1</version>
     </dependency>
 
     <dependency>
@@ -228,6 +201,30 @@
       <groupId>io.github.resilience4j</groupId>
       <artifactId>resilience4j-retry</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.github.resilience4j</groupId>
+      <artifactId>resilience4j-reactor</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-netty-shaded</artifactId>
+      <scope>runtime</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-protobuf</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-stub</artifactId>
+    </dependency>
+    <!-- Needed for gRPC with Java 9+ -->
+    <dependency>
+      <groupId>org.apache.tomcat</groupId>
+      <artifactId>annotations-api</artifactId>
+      <scope>provided</scope>
+    </dependency>
 
     <dependency>
       <groupId>io.micrometer</groupId>
@@ -387,7 +384,6 @@
     <dependency>
       <groupId>io.projectreactor</groupId>
       <artifactId>reactor-core</artifactId>
-      <version>3.3.22.RELEASE</version>
     </dependency>
     <dependency>
       <groupId>io.vavr</groupId>
@@ -400,6 +396,11 @@
       <scope>test</scope>
     </dependency>
 
+    <dependency>
+      <groupId>io.projectreactor</groupId>
+      <artifactId>reactor-test</artifactId>
+    </dependency>
+
     <dependency>
       <groupId>org.signal</groupId>
       <artifactId>embedded-redis</artifactId>
@@ -416,7 +417,7 @@
     <dependency>
       <groupId>com.amazonaws</groupId>
       <artifactId>DynamoDBLocal</artifactId>
-      <version>1.19.0</version>
+      <version>1.20.0</version>
       <scope>test</scope>
     </dependency>
 
@@ -429,6 +430,18 @@
       <groupId>com.stripe</groupId>
       <artifactId>stripe-java</artifactId>
     </dependency>
+
+    <dependency>
+      <groupId>com.braintreepayments.gateway</groupId>
+      <artifactId>braintree-java</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>com.apollographql.apollo3</groupId>
+      <artifactId>apollo-api-jvm</artifactId>
+      <version>3.7.1</version>
+    </dependency>
+
   </dependencies>
 
   <profiles>
@@ -584,6 +597,31 @@
           </arguments>
         </configuration>
       </plugin>
+
+      <plugin>
+        <groupId>com.github.aoudiamoncef</groupId>
+        <artifactId>apollo-client-maven-plugin</artifactId>
+        <version>5.0.0</version>
+        <executions>
+          <execution>
+            <goals>
+              <goal>generate</goal>
+            </goals>
+            <configuration>
+              <services>
+                <braintree>
+                  <compilationUnit>
+                    <name>braintree</name>
+                    <compilerParams>
+                      <schemaPackageName>com.braintree.graphql.client</schemaPackageName>
+                    </compilerParams>
+                  </compilationUnit>
+                </braintree>
+              </services>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
     </plugins>
   </build>
 </project>

service/src/main/graphql/braintree/ChargePayPalOneTimePayment.graphql

@@ -0,0 +1,9 @@
+# https://graphql.braintreepayments.com/reference/#Mutation--chargePaymentMethod
+mutation ChargePayPalOneTimePayment($input: ChargePaymentMethodInput!) {
+  chargePaymentMethod(input: $input) {
+    transaction {
+      id,
+      status
+    }
+  }
+}

service/src/main/graphql/braintree/CreatePayPalBillingAgreement.graphql

@@ -0,0 +1,6 @@
+mutation CreatePayPalBillingAgreement($input: CreatePayPalBillingAgreementInput!) {
+  createPayPalBillingAgreement(input: $input) {
+    approvalUrl,
+    billingAgreementToken
+  }
+}

service/src/main/graphql/braintree/CreatePayPalOneTimePayment.graphql

@@ -0,0 +1,7 @@
+# https://graphql.braintreepayments.com/reference/#Mutation--createPayPalOneTimePayment
+mutation CreatePayPalOneTimePayment($input: CreatePayPalOneTimePaymentInput!) {
+  createPayPalOneTimePayment(input: $input) {
+    approvalUrl,
+    paymentId
+  }
+}

service/src/main/graphql/braintree/TokenizePayPalBillingAgreement.graphql

@@ -0,0 +1,7 @@
+mutation TokenizePayPalBillingAgreement($input: TokenizePayPalBillingAgreementInput!) {
+  tokenizePayPalBillingAgreement(input: $input) {
+    paymentMethod {
+      id
+    }
+  }
+}

service/src/main/graphql/braintree/TokenizePayPalOneTimePayment.graphql

@@ -0,0 +1,8 @@
+# https://graphql.braintreepayments.com/reference/#Mutation--tokenizePayPalOneTimePayment
+mutation TokenizePayPalOneTimePayment($input: TokenizePayPalOneTimePaymentInput!) {
+  tokenizePayPalOneTimePayment(input: $input) {
+    paymentMethod {
+      id
+    }
+  }
+}

service/src/main/graphql/braintree/VaultPaymentMethod.graphql

@@ -0,0 +1,7 @@
+mutation VaultPaymentMethod($input: VaultPaymentMethodInput!) {
+  vaultPaymentMethod(input: $input) {
+    paymentMethod {
+      id
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2021 Signal Messenger, LLC
+ * Copyright 2013 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm;
@@ -19,24 +19,26 @@ import org.whispersystems.textsecuregcm.configuration.ApnConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AppConfigConfiguration;
 import org.whispersystems.textsecuregcm.configuration.AwsAttachmentsConfiguration;
 import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
-import org.whispersystems.textsecuregcm.configuration.BoostConfiguration;
+import org.whispersystems.textsecuregcm.configuration.BraintreeConfiguration;
 import org.whispersystems.textsecuregcm.configuration.CdnConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DatadogConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DirectoryConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DirectoryV2Configuration;
-import org.whispersystems.textsecuregcm.configuration.DonationConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DynamoDbClientConfiguration;
 import org.whispersystems.textsecuregcm.configuration.DynamoDbTables;
 import org.whispersystems.textsecuregcm.configuration.FcmConfiguration;
 import org.whispersystems.textsecuregcm.configuration.GcpAttachmentsConfiguration;
-import org.whispersystems.textsecuregcm.configuration.GiftConfiguration;
+import org.whispersystems.textsecuregcm.configuration.HCaptchaConfiguration;
 import org.whispersystems.textsecuregcm.configuration.MaxDeviceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.MessageCacheConfiguration;
+import org.whispersystems.textsecuregcm.configuration.OneTimeDonationConfiguration;
 import org.whispersystems.textsecuregcm.configuration.PaymentsServiceConfiguration;
+import org.whispersystems.textsecuregcm.configuration.ArtServiceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RateLimitsConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RecaptchaConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RedisClusterConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RedisConfiguration;
+import org.whispersystems.textsecuregcm.configuration.RegistrationServiceConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RemoteConfigConfiguration;
 import org.whispersystems.textsecuregcm.configuration.ReportMessageConfiguration;
 import org.whispersystems.textsecuregcm.configuration.SecureBackupServiceConfiguration;
@@ -44,7 +46,6 @@ import org.whispersystems.textsecuregcm.configuration.SecureStorageServiceConfig
 import org.whispersystems.textsecuregcm.configuration.StripeConfiguration;
 import org.whispersystems.textsecuregcm.configuration.SubscriptionConfiguration;
 import org.whispersystems.textsecuregcm.configuration.TestDeviceConfiguration;
-import org.whispersystems.textsecuregcm.configuration.TwilioConfiguration;
 import org.whispersystems.textsecuregcm.configuration.UnidentifiedDeliveryConfiguration;
 import org.whispersystems.textsecuregcm.configuration.UsernameConfiguration;
 import org.whispersystems.textsecuregcm.configuration.VoiceVerificationConfiguration;
@@ -64,6 +65,11 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private StripeConfiguration stripe;
 
+  @NotNull
+  @Valid
+  @JsonProperty
+  private BraintreeConfiguration braintree;
+
   @NotNull
   @Valid
   @JsonProperty
@@ -74,11 +80,6 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private DynamoDbTables dynamoDbTables;
 
-  @NotNull
-  @Valid
-  @JsonProperty
-  private TwilioConfiguration twilio;
-
   @NotNull
   @Valid
   @JsonProperty
@@ -194,6 +195,11 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private RecaptchaConfiguration recaptcha;
 
+  @Valid
+  @NotNull
+  @JsonProperty
+  private HCaptchaConfiguration hCaptcha;
+
   @Valid
   @NotNull
   @JsonProperty
@@ -209,6 +215,11 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private PaymentsServiceConfiguration paymentsService;
 
+  @Valid
+  @NotNull
+  @JsonProperty
+  private ArtServiceConfiguration artService;
+
   @Valid
   @NotNull
   @JsonProperty
@@ -224,11 +235,6 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private AppConfigConfiguration appConfig;
 
-  @Valid
-  @NotNull
-  @JsonProperty
-  private DonationConfiguration donation;
-
   @Valid
   @NotNull
   @JsonProperty
@@ -242,12 +248,7 @@ public class WhisperServerConfiguration extends Configuration {
   @Valid
   @JsonProperty
   @NotNull
-  private BoostConfiguration boost;
-
-  @Valid
-  @JsonProperty
-  @NotNull
-  private GiftConfiguration gift;
+  private OneTimeDonationConfiguration oneTimeDonations;
 
   @Valid
   @NotNull
@@ -263,6 +264,11 @@ public class WhisperServerConfiguration extends Configuration {
   @JsonProperty
   private AbusiveMessageFilterConfiguration abusiveMessageFilter;
 
+  @Valid
+  @NotNull
+  @JsonProperty
+  private RegistrationServiceConfiguration registrationService;
+
   public AdminEventLoggingConfiguration getAdminEventLoggingConfiguration() {
     return adminEventLoggingConfiguration;
   }
@@ -271,6 +277,10 @@ public class WhisperServerConfiguration extends Configuration {
     return stripe;
   }
 
+  public BraintreeConfiguration getBraintree() {
+    return braintree;
+  }
+
   public DynamoDbClientConfiguration getDynamoDbClientConfiguration() {
     return dynamoDbClientConfiguration;
   }
@@ -283,6 +293,10 @@ public class WhisperServerConfiguration extends Configuration {
     return recaptcha;
   }
 
+  public HCaptchaConfiguration getHCaptchaConfiguration() {
+    return hCaptcha;
+  }
+
   public VoiceVerificationConfiguration getVoiceVerificationConfiguration() {
     return voiceVerification;
   }
@@ -291,10 +305,6 @@ public class WhisperServerConfiguration extends Configuration {
     return webSocket;
   }
 
-  public TwilioConfiguration getTwilioConfiguration() {
-    return twilio;
-  }
-
   public AwsAttachmentsConfiguration getAwsAttachmentsConfiguration() {
     return awsAttachments;
   }
@@ -401,6 +411,10 @@ public class WhisperServerConfiguration extends Configuration {
     return paymentsService;
   }
 
+  public ArtServiceConfiguration getArtServiceConfiguration() {
+    return artService;
+  }
+
   public ZkConfig getZkConfig() {
     return zkConfig;
   }
@@ -413,10 +427,6 @@ public class WhisperServerConfiguration extends Configuration {
     return appConfig;
   }
 
-  public DonationConfiguration getDonationConfiguration() {
-    return donation;
-  }
-
   public BadgesConfiguration getBadges() {
     return badges;
   }
@@ -425,12 +435,8 @@ public class WhisperServerConfiguration extends Configuration {
     return subscription;
   }
 
-  public BoostConfiguration getBoost() {
-    return boost;
-  }
-
-  public GiftConfiguration getGift() {
-    return gift;
+  public OneTimeDonationConfiguration getOneTimeDonations() {
+    return oneTimeDonations;
   }
 
   public ReportMessageConfiguration getReportMessageConfiguration() {
@@ -444,4 +450,8 @@ public class WhisperServerConfiguration extends Configuration {
   public UsernameConfiguration getUsername() {
     return username;
   }
+
+  public RegistrationServiceConfiguration getRegistrationServiceConfiguration() {
+    return registrationService;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java

@@ -73,6 +73,8 @@ import org.whispersystems.dispatch.DispatchManager;
 import org.whispersystems.textsecuregcm.abuse.AbusiveMessageFilter;
 import org.whispersystems.textsecuregcm.abuse.FilterAbusiveMessages;
 import org.whispersystems.textsecuregcm.abuse.RateLimitChallengeListener;
+import org.whispersystems.textsecuregcm.abuse.ReportSpamTokenHandler;
+import org.whispersystems.textsecuregcm.abuse.ReportSpamTokenProvider;
 import org.whispersystems.textsecuregcm.auth.AccountAuthenticator;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.auth.CertificateGenerator;
@@ -83,6 +85,8 @@ import org.whispersystems.textsecuregcm.auth.TurnTokenGenerator;
 import org.whispersystems.textsecuregcm.auth.WebsocketRefreshApplicationEventListener;
 import org.whispersystems.textsecuregcm.badges.ConfiguredProfileBadgeConverter;
 import org.whispersystems.textsecuregcm.badges.ResourceBundleLevelTranslator;
+import org.whispersystems.textsecuregcm.captcha.CaptchaChecker;
+import org.whispersystems.textsecuregcm.captcha.HCaptchaClient;
 import org.whispersystems.textsecuregcm.configuration.DirectoryServerConfiguration;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
 import org.whispersystems.textsecuregcm.controllers.AccountController;
@@ -104,19 +108,19 @@ import org.whispersystems.textsecuregcm.controllers.RemoteConfigController;
 import org.whispersystems.textsecuregcm.controllers.SecureBackupController;
 import org.whispersystems.textsecuregcm.controllers.SecureStorageController;
 import org.whispersystems.textsecuregcm.controllers.StickerController;
+import org.whispersystems.textsecuregcm.controllers.ArtController;
 import org.whispersystems.textsecuregcm.controllers.SubscriptionController;
 import org.whispersystems.textsecuregcm.controllers.VoiceVerificationController;
+import org.whispersystems.textsecuregcm.currency.CoinMarketCapClient;
 import org.whispersystems.textsecuregcm.currency.CurrencyConversionManager;
 import org.whispersystems.textsecuregcm.currency.FixerClient;
-import org.whispersystems.textsecuregcm.currency.FtxClient;
 import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
-import org.whispersystems.textsecuregcm.filters.ContentLengthFilter;
+import org.whispersystems.textsecuregcm.filters.RequestStatisticsFilter;
 import org.whispersystems.textsecuregcm.filters.RemoteDeprecationFilter;
 import org.whispersystems.textsecuregcm.filters.TimestampResponseFilter;
 import org.whispersystems.textsecuregcm.limits.DynamicRateLimiters;
 import org.whispersystems.textsecuregcm.limits.PushChallengeManager;
 import org.whispersystems.textsecuregcm.limits.RateLimitChallengeManager;
-import org.whispersystems.textsecuregcm.limits.RateLimitChallengeOptionManager;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
 import org.whispersystems.textsecuregcm.mappers.CompletionExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.DeviceLimitExceededExceptionMapper;
@@ -124,7 +128,6 @@ import org.whispersystems.textsecuregcm.mappers.IOExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.ImpossiblePhoneNumberExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.InvalidWebsocketAddressExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.NonNormalizedPhoneNumberExceptionMapper;
-import org.whispersystems.textsecuregcm.mappers.RateLimitChallengeExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.RateLimitExceededExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.ServerRejectedExceptionMapper;
 import org.whispersystems.textsecuregcm.metrics.ApplicationShutdownMonitor;
@@ -155,19 +158,16 @@ import org.whispersystems.textsecuregcm.push.ProvisioningManager;
 import org.whispersystems.textsecuregcm.push.PushLatencyManager;
 import org.whispersystems.textsecuregcm.push.PushNotificationManager;
 import org.whispersystems.textsecuregcm.push.ReceiptSender;
-import org.whispersystems.textsecuregcm.recaptcha.RecaptchaClient;
+import org.whispersystems.textsecuregcm.captcha.RecaptchaClient;
 import org.whispersystems.textsecuregcm.redis.ConnectionEventLogger;
 import org.whispersystems.textsecuregcm.redis.FaultTolerantRedisCluster;
 import org.whispersystems.textsecuregcm.redis.ReplicatedJedisPool;
+import org.whispersystems.textsecuregcm.registration.RegistrationServiceClient;
 import org.whispersystems.textsecuregcm.s3.PolicySigner;
 import org.whispersystems.textsecuregcm.s3.PostPolicyGenerator;
 import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
-import org.whispersystems.textsecuregcm.sms.SmsSender;
-import org.whispersystems.textsecuregcm.sms.TwilioSmsSender;
-import org.whispersystems.textsecuregcm.sms.TwilioVerifyExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.sqs.DirectoryQueue;
-import org.whispersystems.textsecuregcm.storage.AbusiveHostRules;
 import org.whispersystems.textsecuregcm.storage.AccountCleaner;
 import org.whispersystems.textsecuregcm.storage.AccountDatabaseCrawler;
 import org.whispersystems.textsecuregcm.storage.AccountDatabaseCrawlerCache;
@@ -205,7 +205,8 @@ import org.whispersystems.textsecuregcm.storage.ReportMessageManager;
 import org.whispersystems.textsecuregcm.storage.StoredVerificationCodeManager;
 import org.whispersystems.textsecuregcm.storage.SubscriptionManager;
 import org.whispersystems.textsecuregcm.storage.VerificationCodeStore;
-import org.whispersystems.textsecuregcm.stripe.StripeManager;
+import org.whispersystems.textsecuregcm.subscriptions.BraintreeManager;
+import org.whispersystems.textsecuregcm.subscriptions.StripeManager;
 import org.whispersystems.textsecuregcm.util.Constants;
 import org.whispersystems.textsecuregcm.util.DynamoDbFromConfig;
 import org.whispersystems.textsecuregcm.util.HostnameUtil;
@@ -227,6 +228,7 @@ import org.whispersystems.textsecuregcm.workers.SetUserDiscoverabilityCommand;
 import org.whispersystems.textsecuregcm.workers.ZkParamsCommand;
 import org.whispersystems.websocket.WebSocketResourceProviderFactory;
 import org.whispersystems.websocket.setup.WebSocketEnvironment;
+import reactor.core.scheduler.Schedulers;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.regions.Region;
@@ -333,7 +335,14 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
             config.getAppConfig().getConfigurationName(),
             DynamicConfiguration.class);
 
-    Accounts accounts = new Accounts(dynamicConfigurationManager,
+    BlockingQueue<Runnable> messageDeletionQueue = new LinkedBlockingQueue<>();
+    Metrics.gaugeCollectionSize(name(getClass(), "messageDeletionQueueSize"), Collections.emptyList(),
+        messageDeletionQueue);
+    ExecutorService messageDeletionAsyncExecutor = environment.lifecycle()
+        .executorService(name(getClass(), "messageDeletionAsyncExecutor-%d")).maxThreads(16)
+        .workQueue(messageDeletionQueue).build();
+
+    Accounts accounts = new Accounts(
         dynamoDbClient,
         dynamoDbAsyncClient,
         config.getDynamoDbTables().getAccounts().getTableName(),
@@ -348,9 +357,10 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     Profiles profiles = new Profiles(dynamoDbClient, dynamoDbAsyncClient,
         config.getDynamoDbTables().getProfiles().getTableName());
     Keys keys = new Keys(dynamoDbClient, config.getDynamoDbTables().getKeys().getTableName());
-    MessagesDynamoDb messagesDynamoDb = new MessagesDynamoDb(dynamoDbClient,
+    MessagesDynamoDb messagesDynamoDb = new MessagesDynamoDb(dynamoDbClient, dynamoDbAsyncClient,
         config.getDynamoDbTables().getMessages().getTableName(),
-        config.getDynamoDbTables().getMessages().getExpiration());
+        config.getDynamoDbTables().getMessages().getExpiration(),
+        messageDeletionAsyncExecutor);
     RemoteConfigs remoteConfigs = new RemoteConfigs(dynamoDbClient,
         config.getDynamoDbTables().getRemoteConfig().getTableName());
     PushChallengeDynamoDb pushChallengeDynamoDb = new PushChallengeDynamoDb(dynamoDbClient,
@@ -363,8 +373,13 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     VerificationCodeStore pendingDevices = new VerificationCodeStore(dynamoDbClient,
         config.getDynamoDbTables().getPendingDevices().getTableName());
 
-    RedisClientFactory  pubSubClientFactory = new RedisClientFactory("pubsub_cache", config.getPubsubCacheConfiguration().getUrl(), config.getPubsubCacheConfiguration().getReplicaUrls(), config.getPubsubCacheConfiguration().getCircuitBreakerConfiguration());
-    ReplicatedJedisPool pubsubClient        = pubSubClientFactory.getRedisClientPool();
+    reactor.util.Metrics.MicrometerConfiguration.useRegistry(Metrics.globalRegistry);
+    Schedulers.enableMetrics();
+
+    RedisClientFactory pubSubClientFactory = new RedisClientFactory("pubsub_cache",
+        config.getPubsubCacheConfiguration().getUrl(), config.getPubsubCacheConfiguration().getReplicaUrls(),
+        config.getPubsubCacheConfiguration().getCircuitBreakerConfiguration());
+    ReplicatedJedisPool pubsubClient = pubSubClientFactory.getRedisClientPool();
 
     MicrometerOptions options = MicrometerOptions.builder().build();
     ClientResources redisClientResources = ClientResources.builder()
@@ -378,9 +393,9 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     FaultTolerantRedisCluster pushSchedulerCluster     = new FaultTolerantRedisCluster("push_scheduler", config.getPushSchedulerCluster(), redisClientResources);
     FaultTolerantRedisCluster rateLimitersCluster      = new FaultTolerantRedisCluster("rate_limiters", config.getRateLimitersCluster(), redisClientResources);
 
-    BlockingQueue<Runnable> keyspaceNotificationDispatchQueue = new ArrayBlockingQueue<>(10_000);
+    final BlockingQueue<Runnable> keyspaceNotificationDispatchQueue = new ArrayBlockingQueue<>(100_000);
     Metrics.gaugeCollectionSize(name(getClass(), "keyspaceNotificationDispatchQueueSize"), Collections.emptyList(), keyspaceNotificationDispatchQueue);
-    final ArrayBlockingQueue<Runnable> receiptSenderQueue = new ArrayBlockingQueue<>(10_000);
+    final BlockingQueue<Runnable> receiptSenderQueue = new LinkedBlockingQueue<>();
     Metrics.gaugeCollectionSize(name(getClass(), "receiptSenderQueue"), Collections.emptyList(), receiptSenderQueue);
 
     final BlockingQueue<Runnable> fcmSenderQueue = new LinkedBlockingQueue<>();
@@ -394,15 +409,17 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     ExecutorService          fcmSenderExecutor                    = environment.lifecycle().executorService(name(getClass(), "fcmSender-%d")).maxThreads(32).minThreads(32).workQueue(fcmSenderQueue).build();
     ExecutorService          backupServiceExecutor                = environment.lifecycle().executorService(name(getClass(), "backupService-%d")).maxThreads(1).minThreads(1).build();
     ExecutorService          storageServiceExecutor               = environment.lifecycle().executorService(name(getClass(), "storageService-%d")).maxThreads(1).minThreads(1).build();
+    ExecutorService          accountDeletionExecutor              = environment.lifecycle().executorService(name(getClass(), "accountCleaner-%d")).maxThreads(16).minThreads(16).build();
 
     // TODO: generally speaking this is a DynamoDB I/O executor for the accounts table; we should eventually have a general executor for speaking to the accounts table, but most of the server is still synchronous so this isn't widely useful yet
     ExecutorService batchIdentityCheckExecutor = environment.lifecycle().executorService(name(getClass(), "batchIdentityCheck-%d")).minThreads(32).maxThreads(32).build();
     ExecutorService multiRecipientMessageExecutor = environment.lifecycle()
         .executorService(name(getClass(), "multiRecipientMessage-%d")).minThreads(64).maxThreads(64).build();
-    ExecutorService stripeExecutor = environment.lifecycle().executorService(name(getClass(), "stripe-%d")).
-        maxThreads(availableProcessors).  // mostly this is IO bound so tying to number of processors is tenuous at best
-        minThreads(availableProcessors).  // mostly this is IO bound so tying to number of processors is tenuous at best
-        allowCoreThreadTimeOut(true).
+    ExecutorService subscriptionProcessorExecutor = environment.lifecycle()
+        .executorService(name(getClass(), "subscriptionProcessor-%d"))
+        .maxThreads(availableProcessors)  // mostly this is IO bound so tying to number of processors is tenuous at best
+        .minThreads(availableProcessors)  // mostly this is IO bound so tying to number of processors is tenuous at best
+        .allowCoreThreadTimeOut(true).
         build();
     ExecutorService receiptSenderExecutor = environment.lifecycle()
         .executorService(name(getClass(), "receiptSender-%d"))
@@ -411,6 +428,11 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         .workQueue(receiptSenderQueue)
         .rejectedExecutionHandler(new ThreadPoolExecutor.CallerRunsPolicy())
         .build();
+    ExecutorService registrationCallbackExecutor = environment.lifecycle()
+        .executorService(name(getClass(), "registration-%d"))
+        .maxThreads(2)
+        .minThreads(2)
+        .build();
 
     final AdminEventLogger adminEventLogger = new GoogleCloudAdminEventLogger(
         LoggingOptions.newBuilder().setProjectId(config.getAdminEventLoggingConfiguration().projectId())
@@ -420,8 +442,13 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         config.getAdminEventLoggingConfiguration().projectId(),
         config.getAdminEventLoggingConfiguration().logName());
 
-    StripeManager stripeManager = new StripeManager(config.getStripe().getApiKey(), stripeExecutor,
-        config.getStripe().getIdempotencyKeyGenerator(), config.getStripe().getBoostDescription());
+    StripeManager stripeManager = new StripeManager(config.getStripe().apiKey(), subscriptionProcessorExecutor,
+        config.getStripe().idempotencyKeyGenerator(), config.getStripe().boostDescription(), config.getStripe()
+        .supportedCurrencies());
+    BraintreeManager braintreeManager = new BraintreeManager(config.getBraintree().merchantId(),
+        config.getBraintree().publicKey(), config.getBraintree().privateKey(), config.getBraintree().environment(),
+        config.getBraintree().supportedCurrencies(), config.getBraintree().merchantAccounts(),
+        config.getBraintree().graphqlUrl(), config.getBraintree().circuitBreaker(), subscriptionProcessorExecutor);
 
     ExternalServiceCredentialGenerator directoryCredentialsGenerator = new ExternalServiceCredentialGenerator(
         config.getDirectoryConfiguration().getDirectoryClientConfiguration().getUserAuthenticationTokenSharedSecret(),
@@ -435,29 +462,33 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
 
     ExperimentEnrollmentManager experimentEnrollmentManager = new ExperimentEnrollmentManager(dynamicConfigurationManager);
 
-    TwilioVerifyExperimentEnrollmentManager verifyExperimentEnrollmentManager = new TwilioVerifyExperimentEnrollmentManager(
-        config.getVoiceVerificationConfiguration(), experimentEnrollmentManager);
-
     ExternalServiceCredentialGenerator storageCredentialsGenerator = new ExternalServiceCredentialGenerator(
         config.getSecureStorageServiceConfiguration().getUserAuthenticationTokenSharedSecret(), true);
     ExternalServiceCredentialGenerator backupCredentialsGenerator = new ExternalServiceCredentialGenerator(
         config.getSecureBackupServiceConfiguration().getUserAuthenticationTokenSharedSecret(), true);
     ExternalServiceCredentialGenerator paymentsCredentialsGenerator = new ExternalServiceCredentialGenerator(
         config.getPaymentsServiceConfiguration().getUserAuthenticationTokenSharedSecret(), true);
+    ExternalServiceCredentialGenerator artCredentialsGenerator = new ExternalServiceCredentialGenerator(
+        config.getArtServiceConfiguration().getUserAuthenticationTokenSharedSecret(),
+        config.getArtServiceConfiguration().getUserAuthenticationTokenUserIdSecret(),
+        true, false, false);
 
-    AbusiveHostRules           abusiveHostRules           = new AbusiveHostRules(rateLimitersCluster, dynamicConfigurationManager);
+    RegistrationServiceClient  registrationServiceClient  = new RegistrationServiceClient(config.getRegistrationServiceConfiguration().getHost(), config.getRegistrationServiceConfiguration().getPort(), config.getRegistrationServiceConfiguration().getApiKey(), config.getRegistrationServiceConfiguration().getRegistrationCaCertificate(), registrationCallbackExecutor);
     SecureBackupClient         secureBackupClient         = new SecureBackupClient(backupCredentialsGenerator, backupServiceExecutor, config.getSecureBackupServiceConfiguration());
     SecureStorageClient        secureStorageClient        = new SecureStorageClient(storageCredentialsGenerator, storageServiceExecutor, config.getSecureStorageServiceConfiguration());
     ClientPresenceManager      clientPresenceManager      = new ClientPresenceManager(clientPresenceCluster, recurringJobExecutor, keyspaceNotificationDispatchExecutor);
     DirectoryQueue             directoryQueue             = new DirectoryQueue(config.getDirectoryConfiguration().getSqsConfiguration());
     StoredVerificationCodeManager pendingAccountsManager  = new StoredVerificationCodeManager(pendingAccounts);
     StoredVerificationCodeManager pendingDevicesManager   = new StoredVerificationCodeManager(pendingDevices);
-    ProfilesManager            profilesManager            = new ProfilesManager(profiles, cacheCluster);
-    MessagesCache              messagesCache              = new MessagesCache(messagesCluster, messagesCluster, keyspaceNotificationDispatchExecutor);
-    PushLatencyManager         pushLatencyManager         = new PushLatencyManager(metricsCluster, dynamicConfigurationManager);
-    ReportMessageManager       reportMessageManager       = new ReportMessageManager(reportMessageDynamoDb, rateLimitersCluster, config.getReportMessageConfiguration().getCounterTtl());
-    MessagesManager            messagesManager            = new MessagesManager(messagesDynamoDb, messagesCache, reportMessageManager);
-    UsernameGenerator          usernameGenerator          = new UsernameGenerator(config.getUsername());
+    ProfilesManager profilesManager = new ProfilesManager(profiles, cacheCluster);
+    MessagesCache messagesCache = new MessagesCache(messagesCluster, messagesCluster, Clock.systemUTC(),
+        keyspaceNotificationDispatchExecutor, messageDeletionAsyncExecutor);
+    PushLatencyManager pushLatencyManager = new PushLatencyManager(metricsCluster, dynamicConfigurationManager);
+    ReportMessageManager reportMessageManager = new ReportMessageManager(reportMessageDynamoDb, rateLimitersCluster,
+        config.getReportMessageConfiguration().getCounterTtl());
+    MessagesManager messagesManager = new MessagesManager(messagesDynamoDb, messagesCache, reportMessageManager,
+        messageDeletionAsyncExecutor);
+    UsernameGenerator usernameGenerator = new UsernameGenerator(config.getUsername());
     DeletedAccountsManager deletedAccountsManager = new DeletedAccountsManager(deletedAccounts,
         deletedAccountsLockDynamoDbClient, config.getDynamoDbTables().getDeletedAccountsLock().getTableName());
     AccountsManager accountsManager = new AccountsManager(accounts, phoneNumberIdentifiers, cacheCluster,
@@ -493,20 +524,21 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     AccountAuthenticator                  accountAuthenticator                  = new AccountAuthenticator(accountsManager);
     DisabledPermittedAccountAuthenticator disabledPermittedAccountAuthenticator = new DisabledPermittedAccountAuthenticator(accountsManager);
 
-    TwilioSmsSender          twilioSmsSender    = new TwilioSmsSender(config.getTwilioConfiguration(), dynamicConfigurationManager);
-    SmsSender                smsSender          = new SmsSender(twilioSmsSender);
     MessageSender            messageSender      = new MessageSender(clientPresenceManager, messagesManager, pushNotificationManager, pushLatencyManager);
     ReceiptSender            receiptSender      = new ReceiptSender(accountsManager, messageSender, receiptSenderExecutor);
     TurnTokenGenerator       turnTokenGenerator = new TurnTokenGenerator(dynamicConfigurationManager);
+
     RecaptchaClient recaptchaClient = new RecaptchaClient(
         config.getRecaptchaConfiguration().getProjectPath(),
         config.getRecaptchaConfiguration().getCredentialConfigurationJson(),
         dynamicConfigurationManager);
+    HttpClient hcaptchaHttpClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_2).connectTimeout(Duration.ofSeconds(10)).build();
+    HCaptchaClient hCaptchaClient = new HCaptchaClient(config.getHCaptchaConfiguration().apiKey(), hcaptchaHttpClient, dynamicConfigurationManager);
+    CaptchaChecker captchaChecker = new CaptchaChecker(List.of(recaptchaClient, hCaptchaClient));
+
     PushChallengeManager pushChallengeManager = new PushChallengeManager(pushNotificationManager, pushChallengeDynamoDb);
     RateLimitChallengeManager rateLimitChallengeManager = new RateLimitChallengeManager(pushChallengeManager,
-        recaptchaClient, dynamicRateLimiters);
-    RateLimitChallengeOptionManager rateLimitChallengeOptionManager =
-        new RateLimitChallengeOptionManager(dynamicRateLimiters, dynamicConfigurationManager);
+        captchaChecker, dynamicRateLimiters);
 
     MessagePersister messagePersister = new MessagePersister(messagesCache, messagesManager, accountsManager, dynamicConfigurationManager, Duration.ofMinutes(config.getMessageCacheConfiguration().getPersistDelayMinutes()));
     ChangeNumberManager changeNumberManager = new ChangeNumberManager(messageSender, accountsManager);
@@ -542,7 +574,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         new AccountDatabaseCrawlerCache(cacheCluster, AccountDatabaseCrawlerCache.ACCOUNT_CLEANER_PREFIX);
     AccountDatabaseCrawler accountCleanerAccountDatabaseCrawler = new AccountDatabaseCrawler("Account cleaner crawler",
         accountsManager,
-        accountCleanerAccountDatabaseCrawlerCache, List.of(new AccountCleaner(accountsManager)),
+        accountCleanerAccountDatabaseCrawlerCache, List.of(new AccountCleaner(accountsManager, accountDeletionExecutor)),
         config.getAccountDatabaseCrawlerConfiguration().getChunkSize(),
         config.getAccountDatabaseCrawlerConfiguration().getChunkIntervalMs()
     );
@@ -565,10 +597,11 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
 
     DeletedAccountsTableCrawler deletedAccountsTableCrawler = new DeletedAccountsTableCrawler(deletedAccountsManager, deletedAccountsDirectoryReconcilers, cacheCluster, recurringJobExecutor);
 
-    HttpClient                currencyClient  = HttpClient.newBuilder().version(HttpClient.Version.HTTP_2).connectTimeout(Duration.ofSeconds(10)).build();
-    FixerClient               fixerClient     = new FixerClient(currencyClient, config.getPaymentsServiceConfiguration().getFixerApiKey());
-    FtxClient                 ftxClient       = new FtxClient(currencyClient);
-    CurrencyConversionManager currencyManager = new CurrencyConversionManager(fixerClient, ftxClient, config.getPaymentsServiceConfiguration().getPaymentCurrencies());
+    HttpClient currencyClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_2).connectTimeout(Duration.ofSeconds(10)).build();
+    FixerClient fixerClient = new FixerClient(currencyClient, config.getPaymentsServiceConfiguration().getFixerApiKey());
+    CoinMarketCapClient coinMarketCapClient = new CoinMarketCapClient(currencyClient, config.getPaymentsServiceConfiguration().getCoinMarketCapApiKey(), config.getPaymentsServiceConfiguration().getCoinMarketCapCurrencyIds());
+    CurrencyConversionManager currencyManager = new CurrencyConversionManager(fixerClient, coinMarketCapClient,
+        cacheCluster, config.getPaymentsServiceConfiguration().getPaymentCurrencies(), Clock.systemUTC());
 
     environment.lifecycle().manage(apnSender);
     environment.lifecycle().manage(apnPushNotificationScheduler);
@@ -582,6 +615,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     environment.lifecycle().manage(clientPresenceManager);
     environment.lifecycle().manage(currencyManager);
     environment.lifecycle().manage(directoryQueue);
+    environment.lifecycle().manage(registrationServiceClient);
 
     StaticCredentialsProvider cdnCredentialsProvider = StaticCredentialsProvider
         .create(AwsBasicCredentials.create(
@@ -610,7 +644,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         .addFilter("RemoteDeprecationFilter", new RemoteDeprecationFilter(dynamicConfigurationManager))
         .addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");
 
-    environment.jersey().register(new ContentLengthFilter(TrafficSource.HTTP));
+    environment.jersey().register(new RequestStatisticsFilter(TrafficSource.HTTP));
     environment.jersey().register(MultiRecipientMessageProvider.class);
     environment.jersey().register(new MetricsApplicationEventListener(TrafficSource.HTTP));
     environment.jersey()
@@ -630,59 +664,45 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     webSocketEnvironment.setConnectListener(
         new AuthenticatedConnectListener(receiptSender, messagesManager, pushNotificationManager,
             clientPresenceManager, websocketScheduledExecutor));
-    webSocketEnvironment.jersey().register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
-    webSocketEnvironment.jersey().register(new ContentLengthFilter(TrafficSource.WEBSOCKET));
+    webSocketEnvironment.jersey()
+        .register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
+    webSocketEnvironment.jersey().register(new RequestStatisticsFilter(TrafficSource.WEBSOCKET));
     webSocketEnvironment.jersey().register(MultiRecipientMessageProvider.class);
     webSocketEnvironment.jersey().register(new MetricsApplicationEventListener(TrafficSource.WEBSOCKET));
     webSocketEnvironment.jersey().register(new KeepAliveController(clientPresenceManager));
 
     // these should be common, but use @Auth DisabledPermittedAccount, which isn’t supported yet on websocket
     environment.jersey().register(
-        new AccountController(pendingAccountsManager, accountsManager, abusiveHostRules, rateLimiters,
-            smsSender, dynamicConfigurationManager, turnTokenGenerator, config.getTestDevices(),
-            recaptchaClient, pushNotificationManager, verifyExperimentEnrollmentManager,
-            changeNumberManager, backupCredentialsGenerator));
+        new AccountController(pendingAccountsManager, accountsManager, rateLimiters,
+            registrationServiceClient, dynamicConfigurationManager, turnTokenGenerator, config.getTestDevices(),
+            captchaChecker, pushNotificationManager, changeNumberManager, backupCredentialsGenerator,
+            clientPresenceManager, clock));
+
     environment.jersey().register(new KeysController(rateLimiters, keys, accountsManager));
 
-    final List<Object> commonControllers = Lists.newArrayList(
-        new AttachmentControllerV2(rateLimiters, config.getAwsAttachmentsConfiguration().getAccessKey(), config.getAwsAttachmentsConfiguration().getAccessSecret(), config.getAwsAttachmentsConfiguration().getRegion(), config.getAwsAttachmentsConfiguration().getBucket()),
-        new AttachmentControllerV3(rateLimiters, config.getGcpAttachmentsConfiguration().getDomain(), config.getGcpAttachmentsConfiguration().getEmail(), config.getGcpAttachmentsConfiguration().getMaxSizeInBytes(), config.getGcpAttachmentsConfiguration().getPathPrefix(), config.getGcpAttachmentsConfiguration().getRsaSigningKey()),
-        new CertificateController(new CertificateGenerator(config.getDeliveryCertificate().getCertificate(), config.getDeliveryCertificate().getPrivateKey(), config.getDeliveryCertificate().getExpiresDays()), zkAuthOperations, clock),
-        new ChallengeController(rateLimitChallengeManager),
-        new DeviceController(pendingDevicesManager, accountsManager, messagesManager, keys, rateLimiters, config.getMaxDevices()),
-        new DirectoryController(directoryCredentialsGenerator),
-        new DirectoryV2Controller(directoryV2CredentialsGenerator),
-        new DonationController(clock, zkReceiptOperations, redeemedReceiptsManager, accountsManager, config.getBadges(),
-            ReceiptCredentialPresentation::new, stripeExecutor, config.getDonationConfiguration(), config.getStripe()),
-        new MessageController(rateLimiters, messageSender, receiptSender, accountsManager, deletedAccountsManager, messagesManager, pushNotificationManager, reportMessageManager, multiRecipientMessageExecutor),
-        new PaymentsController(currencyManager, paymentsCredentialsGenerator),
-        new ProfileController(clock, rateLimiters, accountsManager, profilesManager, dynamicConfigurationManager, profileBadgeConverter, config.getBadges(), cdnS3Client, profileCdnPolicyGenerator, profileCdnPolicySigner, config.getCdnConfiguration().getBucket(), zkProfileOperations, batchIdentityCheckExecutor),
-        new ProvisioningController(rateLimiters, provisioningManager),
-        new RemoteConfigController(remoteConfigsManager, adminEventLogger, config.getRemoteConfigConfiguration().getAuthorizedTokens(), config.getRemoteConfigConfiguration().getGlobalConfig()),
-        new SecureBackupController(backupCredentialsGenerator),
-        new SecureStorageController(storageCredentialsGenerator),
-        new StickerController(rateLimiters, config.getCdnConfiguration().getAccessKey(),
-            config.getCdnConfiguration().getAccessSecret(), config.getCdnConfiguration().getRegion(),
-            config.getCdnConfiguration().getBucket())
-    );
-    if (config.getSubscription() != null && config.getBoost() != null) {
-      commonControllers.add(new SubscriptionController(clock, config.getSubscription(), config.getBoost(),
-          config.getGift(), subscriptionManager, stripeManager, zkReceiptOperations, issuedReceiptsManager,
-          profileBadgeConverter, resourceBundleLevelTranslator));
-    }
-
-    for (Object controller : commonControllers) {
-      environment.jersey().register(controller);
-      webSocketEnvironment.jersey().register(controller);
-    }
-
     boolean registeredAbusiveMessageFilter = false;
+    ReportSpamTokenProvider reportSpamTokenProvider = null;
+    ReportSpamTokenHandler reportSpamTokenHandler = null;
 
     for (final AbusiveMessageFilter filter : ServiceLoader.load(AbusiveMessageFilter.class)) {
       if (filter.getClass().isAnnotationPresent(FilterAbusiveMessages.class)) {
         try {
           filter.configure(config.getAbusiveMessageFilterConfiguration().getEnvironment());
 
+          ReportSpamTokenProvider thisProvider = filter.getReportSpamTokenProvider();
+          if (reportSpamTokenProvider == null) {
+            reportSpamTokenProvider = thisProvider;
+          } else if (thisProvider != null) {
+            log.info("Multiple spam report token providers found. Using the first.");
+          }
+
+          ReportSpamTokenHandler thisHandler = filter.getReportSpamTokenHandler();
+          if (reportSpamTokenHandler == null) {
+            reportSpamTokenHandler = thisHandler;
+          } else if (thisProvider != null) {
+            log.info("Multiple spam report token handlers found. Using the first.");
+          }
+
           environment.lifecycle().manage(filter);
           environment.jersey().register(filter);
           webSocketEnvironment.jersey().register(filter);
@@ -707,6 +727,52 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
       log.warn("No abusive message filters installed");
     }
 
+    if (reportSpamTokenProvider == null) {
+      reportSpamTokenProvider = ReportSpamTokenProvider.noop();
+    }
+
+    if (reportSpamTokenHandler == null) {
+      reportSpamTokenHandler = ReportSpamTokenHandler.noop();
+    }
+
+    final List<Object> commonControllers = Lists.newArrayList(
+        new ArtController(rateLimiters, artCredentialsGenerator),
+        new AttachmentControllerV2(rateLimiters, config.getAwsAttachmentsConfiguration().getAccessKey(), config.getAwsAttachmentsConfiguration().getAccessSecret(), config.getAwsAttachmentsConfiguration().getRegion(), config.getAwsAttachmentsConfiguration().getBucket()),
+        new AttachmentControllerV3(rateLimiters, config.getGcpAttachmentsConfiguration().getDomain(), config.getGcpAttachmentsConfiguration().getEmail(), config.getGcpAttachmentsConfiguration().getMaxSizeInBytes(), config.getGcpAttachmentsConfiguration().getPathPrefix(), config.getGcpAttachmentsConfiguration().getRsaSigningKey()),
+        new CertificateController(new CertificateGenerator(config.getDeliveryCertificate().getCertificate(), config.getDeliveryCertificate().getPrivateKey(), config.getDeliveryCertificate().getExpiresDays()), zkAuthOperations, clock),
+        new ChallengeController(rateLimitChallengeManager),
+        new DeviceController(pendingDevicesManager, accountsManager, messagesManager, keys, rateLimiters, config.getMaxDevices()),
+        new DirectoryController(directoryCredentialsGenerator),
+        new DirectoryV2Controller(directoryV2CredentialsGenerator),
+        new DonationController(clock, zkReceiptOperations, redeemedReceiptsManager, accountsManager, config.getBadges(),
+            ReceiptCredentialPresentation::new),
+        new MessageController(rateLimiters, messageSender, receiptSender, accountsManager, deletedAccountsManager, messagesManager, pushNotificationManager, reportMessageManager, multiRecipientMessageExecutor,
+            reportSpamTokenProvider, reportSpamTokenHandler),
+        new PaymentsController(currencyManager, paymentsCredentialsGenerator),
+        new ProfileController(clock, rateLimiters, accountsManager, profilesManager, dynamicConfigurationManager,
+            profileBadgeConverter, config.getBadges(), cdnS3Client, profileCdnPolicyGenerator, profileCdnPolicySigner,
+            config.getCdnConfiguration().getBucket(), zkProfileOperations, batchIdentityCheckExecutor),
+        new ProvisioningController(rateLimiters, provisioningManager),
+        new RemoteConfigController(remoteConfigsManager, adminEventLogger,
+            config.getRemoteConfigConfiguration().getAuthorizedTokens(),
+            config.getRemoteConfigConfiguration().getGlobalConfig()),
+        new SecureBackupController(backupCredentialsGenerator),
+        new SecureStorageController(storageCredentialsGenerator),
+        new StickerController(rateLimiters, config.getCdnConfiguration().getAccessKey(),
+            config.getCdnConfiguration().getAccessSecret(), config.getCdnConfiguration().getRegion(),
+            config.getCdnConfiguration().getBucket())
+    );
+    if (config.getSubscription() != null && config.getOneTimeDonations() != null) {
+      commonControllers.add(new SubscriptionController(clock, config.getSubscription(), config.getOneTimeDonations(),
+          subscriptionManager, stripeManager, braintreeManager, zkReceiptOperations, issuedReceiptsManager, profileBadgeConverter,
+          resourceBundleLevelTranslator));
+    }
+
+    for (Object controller : commonControllers) {
+      environment.jersey().register(controller);
+      webSocketEnvironment.jersey().register(controller);
+    }
+
     WebSocketEnvironment<AuthenticatedAccount> provisioningEnvironment = new WebSocketEnvironment<>(environment,
         webSocketEnvironment.getRequestLog(), 60000);
     provisioningEnvironment.jersey().register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
@@ -717,13 +783,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     registerCorsFilter(environment);
     registerExceptionMappers(environment, webSocketEnvironment, provisioningEnvironment);
 
-    RateLimitChallengeExceptionMapper rateLimitChallengeExceptionMapper =
-        new RateLimitChallengeExceptionMapper(rateLimitChallengeOptionManager);
-
-    environment.jersey().register(rateLimitChallengeExceptionMapper);
-    webSocketEnvironment.jersey().register(rateLimitChallengeExceptionMapper);
-    provisioningEnvironment.jersey().register(rateLimitChallengeExceptionMapper);
-
     environment.jersey().property(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE);
     webSocketEnvironment.jersey().property(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE);
     provisioningEnvironment.jersey().property(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE);

service/src/main/java/org/whispersystems/textsecuregcm/abuse/AbusiveMessageFilter.java

@@ -30,4 +30,19 @@ public interface AbusiveMessageFilter extends ContainerRequestFilter, Managed {
    * @throws IOException if the filter could not read its configuration source for any reason
    */
   void configure(String environmentName) throws IOException;
+
+  /**
+   * Builds a spam report token provider. This will generate tokens used by the spam reporting system.
+   *
+   * @return the configured spam report token provider.
+   */
+  ReportSpamTokenProvider getReportSpamTokenProvider();
+
+  /**
+   * Builds a spam report token handler. This will handle tokens received by the spam reporting system.
+   *
+   * @return the configured spam report token handler
+   */
+  ReportSpamTokenHandler getReportSpamTokenHandler();
+
 }

service/src/main/java/org/whispersystems/textsecuregcm/abuse/ReportSpamTokenHandler.java

@@ -0,0 +1,47 @@
+package org.whispersystems.textsecuregcm.abuse;
+
+import java.util.Optional;
+import java.util.UUID;
+import java.util.concurrent.CompletableFuture;
+
+/**
+ * Handles ReportSpamTokens during spam reports.
+ */
+public interface ReportSpamTokenHandler {
+
+  /**
+   * Handle spam reports using the given ReportSpamToken and other provided parameters.
+   *
+   * @param reportSpamToken binary data representing a spam report token.
+   * @return true if the token could be handled (and was), false otherwise.
+   */
+  CompletableFuture<Boolean> handle(
+      Optional<String> sourceNumber,
+      Optional<UUID> sourceAci,
+      Optional<UUID> sourcePni,
+      UUID messageGuid,
+      UUID spamReporterUuid,
+      byte[] reportSpamToken);
+
+  /**
+   * Handler which does nothing.
+   *
+   * @return the handler
+   */
+  static ReportSpamTokenHandler noop() {
+    return new ReportSpamTokenHandler() {
+      @Override
+      public CompletableFuture<Boolean> handle(
+          final Optional<String> sourceNumber,
+          final Optional<UUID> sourceAci,
+          final Optional<UUID> sourcePni,
+          final UUID messageGuid,
+          final UUID spamReporterUuid,
+          final byte[] reportSpamToken) {
+        return CompletableFuture.completedFuture(false);
+      }
+    };
+  }
+
+
+}

service/src/main/java/org/whispersystems/textsecuregcm/abuse/ReportSpamTokenProvider.java

@@ -0,0 +1,38 @@
+package org.whispersystems.textsecuregcm.abuse;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import java.util.Optional;
+import java.util.function.Function;
+
+/**
+ * Generates ReportSpamTokens to be used for spam reports.
+ */
+public interface ReportSpamTokenProvider {
+
+  /**
+   * Generate a new ReportSpamToken
+   *
+   * @param context the message request context
+   * @return either a generated token or nothing
+   */
+  Optional<byte[]> makeReportSpamToken(ContainerRequestContext context);
+
+  /**
+   * Provider which generates nothing
+   *
+   * @return the provider
+   */
+  static ReportSpamTokenProvider noop() {
+    return create(c -> Optional.empty());
+  }
+
+  /**
+   * Provider which generates ReportSpamTokens using the given function
+   *
+   * @param fn function from message requests to optional tokens
+   * @return the provider
+   */
+  static ReportSpamTokenProvider create(Function<ContainerRequestContext, Optional<byte[]>> fn) {
+    return fn::apply;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthenticationCredentials.java

@@ -7,6 +7,7 @@ package org.whispersystems.textsecuregcm.auth;
 import com.google.common.annotations.VisibleForTesting;
 import org.apache.commons.codec.binary.Hex;
 import org.signal.libsignal.protocol.kdf.HKDF;
+import org.whispersystems.textsecuregcm.util.Util;
 
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
@@ -32,13 +33,13 @@ public class AuthenticationCredentials {
   }
 
   public AuthenticationCredentials(String authenticationToken) {
-    this.salt                      = String.valueOf(Math.abs(new SecureRandom().nextInt()));
+    this.salt = String.valueOf(Util.ensureNonNegativeInt(new SecureRandom().nextInt()));
     this.hashedAuthenticationToken = getV2HashedValue(salt, authenticationToken);
   }
 
   @VisibleForTesting
   public AuthenticationCredentials v1ForTesting(String authenticationToken) {
-    String salt = String.valueOf(Math.abs(new SecureRandom().nextInt()));
+    String salt = String.valueOf(Util.ensureNonNegativeInt(new SecureRandom().nextInt()));
     return new AuthenticationCredentials(getV1HashedValue(salt, authenticationToken), salt);
   }
 

service/src/main/java/org/whispersystems/textsecuregcm/auth/BaseAccountAuthenticator.java

@@ -27,13 +27,21 @@ import org.whispersystems.textsecuregcm.util.Util;
 public class BaseAccountAuthenticator {
 
   private static final String AUTHENTICATION_COUNTER_NAME = name(BaseAccountAuthenticator.class, "authentication");
+  private static final String ENABLED_NOT_REQUIRED_AUTHENTICATION_COUNTER_NAME = name(BaseAccountAuthenticator.class,
+      "enabledNotRequiredAuthentication");
   private static final String AUTHENTICATION_SUCCEEDED_TAG_NAME = "succeeded";
   private static final String AUTHENTICATION_FAILURE_REASON_TAG_NAME = "reason";
-  private static final String AUTHENTICATION_ENABLED_REQUIRED_TAG_NAME = "enabledRequired";
+  private static final String ENABLED_TAG_NAME = "enabled";
+  private static final String AUTHENTICATION_HAS_STORY_CAPABILITY = "hasStoryCapability";
+
+  private static final String STORY_ADOPTION_COUNTER_NAME = name(BaseAccountAuthenticator.class, "storyAdoption");
 
   private static final String DAYS_SINCE_LAST_SEEN_DISTRIBUTION_NAME = name(BaseAccountAuthenticator.class, "daysSinceLastSeen");
   private static final String IS_PRIMARY_DEVICE_TAG = "isPrimary";
 
+  @VisibleForTesting
+  static final char DEVICE_ID_SEPARATOR = '.';
+
   private final AccountsManager accountsManager;
   private final Clock           clock;
 
@@ -51,7 +59,7 @@ public class BaseAccountAuthenticator {
     final String identifier;
     final long deviceId;
 
-    final int deviceIdSeparatorIndex = basicUsername.indexOf('.');
+    final int deviceIdSeparatorIndex = basicUsername.indexOf(DEVICE_ID_SEPARATOR);
 
     if (deviceIdSeparatorIndex == -1) {
       identifier = basicUsername;
@@ -67,6 +75,7 @@ public class BaseAccountAuthenticator {
   public Optional<AuthenticatedAccount> authenticate(BasicCredentials basicCredentials, boolean enabledRequired) {
     boolean succeeded = false;
     String failureReason = null;
+    boolean hasStoryCapability = false;
 
     try {
       final UUID accountUuid;
@@ -85,6 +94,8 @@ public class BaseAccountAuthenticator {
         return Optional.empty();
       }
 
+      hasStoryCapability = account.map(Account::isStoriesSupported).orElse(false);
+
       Optional<Device> device = account.get().getDevice(deviceId);
 
       if (device.isEmpty()) {
@@ -93,15 +104,23 @@ public class BaseAccountAuthenticator {
       }
 
       if (enabledRequired) {
-        if (!device.get().isEnabled()) {
+        final boolean deviceDisabled = !device.get().isEnabled();
+        if (deviceDisabled) {
           failureReason = "deviceDisabled";
-          return Optional.empty();
         }
 
-        if (!account.get().isEnabled()) {
+        final boolean accountDisabled = !account.get().isEnabled();
+        if (accountDisabled) {
           failureReason = "accountDisabled";
+        }
+        if (accountDisabled || deviceDisabled) {
           return Optional.empty();
         }
+      } else {
+        Metrics.counter(ENABLED_NOT_REQUIRED_AUTHENTICATION_COUNTER_NAME,
+                ENABLED_TAG_NAME, String.valueOf(device.get().isEnabled() && account.get().isEnabled()),
+                IS_PRIMARY_DEVICE_TAG, String.valueOf(device.get().isMaster()))
+            .increment();
       }
 
       AuthenticationCredentials deviceAuthenticationCredentials = device.get().getAuthenticationCredentials();
@@ -124,22 +143,33 @@ public class BaseAccountAuthenticator {
       return Optional.empty();
     } finally {
       Tags tags = Tags.of(
-          AUTHENTICATION_SUCCEEDED_TAG_NAME, String.valueOf(succeeded),
-          AUTHENTICATION_ENABLED_REQUIRED_TAG_NAME, String.valueOf(enabledRequired));
+          AUTHENTICATION_SUCCEEDED_TAG_NAME, String.valueOf(succeeded));
 
       if (StringUtils.isNotBlank(failureReason)) {
         tags = tags.and(AUTHENTICATION_FAILURE_REASON_TAG_NAME, failureReason);
       }
 
       Metrics.counter(AUTHENTICATION_COUNTER_NAME, tags).increment();
+
+      Tags storyTags = Tags.of(AUTHENTICATION_HAS_STORY_CAPABILITY, String.valueOf(hasStoryCapability));
+      Metrics.counter(STORY_ADOPTION_COUNTER_NAME, storyTags).increment();
     }
   }
 
   @VisibleForTesting
   public Account updateLastSeen(Account account, Device device) {
-    final long lastSeenOffsetSeconds   = Math.abs(account.getUuid().getLeastSignificantBits()) % ChronoUnit.DAYS.getDuration().toSeconds();
+    // compute a non-negative integer between 0 and 86400.
+    long n = Util.ensureNonNegativeLong(account.getUuid().getLeastSignificantBits());
+    final long lastSeenOffsetSeconds = n % ChronoUnit.DAYS.getDuration().toSeconds();
+
+    // produce a truncated timestamp which is either today at UTC midnight
+    // or yesterday at UTC midnight, based on per-user randomized offset used.
     final long todayInMillisWithOffset = Util.todayInMillisGivenOffsetFromNow(clock, Duration.ofSeconds(lastSeenOffsetSeconds).negated());
 
+    // only update the device's last seen time when it falls behind the truncated timestamp.
+    // this ensure a few things:
+    //   (1) each account will only update last-seen at most once per day
+    //   (2) these updates will occur throughout the day rather than all occurring at UTC midnight.
     if (device.getLastSeen() < todayInMillisWithOffset) {
       Metrics.summary(DAYS_SINCE_LAST_SEEN_DISTRIBUTION_NAME, IS_PRIMARY_DEVICE_TAG, String.valueOf(device.isMaster()))
           .record(Duration.ofMillis(todayInMillisWithOffset - device.getLastSeen()).toDays());

service/src/main/java/org/whispersystems/textsecuregcm/auth/ExternalServiceCredentialGenerator.java

@@ -9,9 +9,9 @@ import com.google.common.annotations.VisibleForTesting;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.time.Clock;
+import java.util.HexFormat;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
-import org.apache.commons.codec.binary.Hex;
 import org.whispersystems.textsecuregcm.util.Util;
 
 public class ExternalServiceCredentialGenerator {
@@ -20,33 +20,50 @@ public class ExternalServiceCredentialGenerator {
   private final byte[] userIdKey;
   private final boolean usernameDerivation;
   private final boolean prependUsername;
+  private final boolean truncateKey;
   private final Clock clock;
 
   public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey) {
-    this(key, userIdKey, true, true);
+    this(key, userIdKey, true, true, true);
   }
 
   public ExternalServiceCredentialGenerator(byte[] key, boolean prependUsername) {
-    this(key, new byte[0], false, prependUsername);
+    this(key, prependUsername, true);
+  }
+
+  public ExternalServiceCredentialGenerator(byte[] key, boolean prependUsername, boolean truncateKey) {
+    this(key, new byte[0], false, prependUsername, truncateKey);
   }
 
   @VisibleForTesting
   public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation) {
-    this(key, userIdKey, usernameDerivation, true);
+    this(key, userIdKey, usernameDerivation, true, true);
   }
 
   public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
       boolean prependUsername) {
-    this(key, userIdKey, usernameDerivation, prependUsername, Clock.systemUTC());
+    this(key, userIdKey, usernameDerivation, prependUsername, true, Clock.systemUTC());
+  }
+
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
+      boolean prependUsername, boolean truncateKey) {
+    this(key, userIdKey, usernameDerivation, prependUsername, truncateKey, Clock.systemUTC());
   }
 
   @VisibleForTesting
   public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
       boolean prependUsername, Clock clock) {
+    this(key, userIdKey, usernameDerivation, prependUsername, true, clock);
+  }
+
+  @VisibleForTesting
+  public ExternalServiceCredentialGenerator(byte[] key, byte[] userIdKey, boolean usernameDerivation,
+      boolean prependUsername, boolean truncateKey, Clock clock) {
     this.key = key;
     this.userIdKey = userIdKey;
     this.usernameDerivation = usernameDerivation;
     this.prependUsername = prependUsername;
+    this.truncateKey = truncateKey;
     this.clock = clock;
   }
 
@@ -55,14 +72,17 @@ public class ExternalServiceCredentialGenerator {
     String username = getUserId(identity, mac, usernameDerivation);
     long currentTimeSeconds = clock.millis() / 1000;
     String prefix = username + ":" + currentTimeSeconds;
-    String output = Hex.encodeHexString(Util.truncate(getHmac(key, prefix.getBytes(), mac), 10));
+    byte[] prefixMac = getHmac(key, prefix.getBytes(), mac);
+    final HexFormat hex = HexFormat.of();
+    String output = hex.formatHex(truncateKey ? Util.truncate(prefixMac, 10) : prefixMac);
     String token = (prependUsername ? prefix : currentTimeSeconds) + ":" + output;
 
     return new ExternalServiceCredentials(username, token);
   }
 
   private String getUserId(String number, Mac mac, boolean usernameDerivation) {
-    if (usernameDerivation) return Hex.encodeHexString(Util.truncate(getHmac(userIdKey, number.getBytes(), mac), 10));
+    final HexFormat hex = HexFormat.of();
+    if (usernameDerivation) return hex.formatHex(Util.truncate(getHmac(userIdKey, number.getBytes(), mac), 10));
     else                    return number;
   }
 

service/src/main/java/org/whispersystems/textsecuregcm/auth/ExternalServiceCredentials.java

@@ -6,28 +6,6 @@
 package org.whispersystems.textsecuregcm.auth;
 
 
-import com.fasterxml.jackson.annotation.JsonProperty;
+public record ExternalServiceCredentials(String username, String password) {
 
-public class ExternalServiceCredentials {
-
-  @JsonProperty
-  private String username;
-
-  @JsonProperty
-  private String password;
-
-  public ExternalServiceCredentials(String username, String password) {
-    this.username = username;
-    this.password = password;
-  }
-
-  public ExternalServiceCredentials() {}
-
-  public String getUsername() {
-    return username;
-  }
-
-  public String getPassword() {
-    return password;
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredRegistrationLock.java

@@ -21,6 +21,20 @@ public class StoredRegistrationLock {
 
   private final long             lastSeen;
 
+  /**
+   * @return milliseconds since the last time the account was seen.
+   */
+  private long timeSinceLastSeen() {
+    return System.currentTimeMillis() - lastSeen;
+  }
+
+  /**
+   * @return true if the registration lock and salt are both set.
+   */
+  private boolean hasLockAndSalt() {
+    return registrationLock.isPresent() && registrationLockSalt.isPresent();
+  }
+
   public StoredRegistrationLock(Optional<String> registrationLock, Optional<String> registrationLockSalt, long lastSeen) {
     this.registrationLock     = registrationLock;
     this.registrationLockSalt = registrationLockSalt;
@@ -28,24 +42,22 @@ public class StoredRegistrationLock {
   }
 
   public boolean requiresClientRegistrationLock() {
-    return registrationLock.isPresent() && registrationLockSalt.isPresent() && System.currentTimeMillis() - lastSeen < TimeUnit.DAYS.toMillis(7);
+    boolean hasTimeRemaining = getTimeRemaining() >= 0;
+    return hasLockAndSalt() && hasTimeRemaining;
   }
 
   public boolean needsFailureCredentials() {
-    return registrationLock.isPresent() && registrationLockSalt.isPresent();
+    return hasLockAndSalt();
   }
 
   public long getTimeRemaining() {
-    return TimeUnit.DAYS.toMillis(7) - (System.currentTimeMillis() - lastSeen);
+    return TimeUnit.DAYS.toMillis(7) - timeSinceLastSeen();
   }
 
   public boolean verify(@Nullable String clientRegistrationLock) {
-    if (Util.isEmpty(clientRegistrationLock)) {
-      return false;
-    }
-
-    if (registrationLock.isPresent() && registrationLockSalt.isPresent() && !Util.isEmpty(clientRegistrationLock)) {
-      return new AuthenticationCredentials(registrationLock.get(), registrationLockSalt.get()).verify(clientRegistrationLock);
+    if (hasLockAndSalt() && Util.nonEmpty(clientRegistrationLock)) {
+      AuthenticationCredentials credentials = new AuthenticationCredentials(registrationLock.get(), registrationLockSalt.get());
+      return credentials.verify(clientRegistrationLock);
     } else {
       return false;
     }

service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCode.java

@@ -5,60 +5,18 @@
 
 package org.whispersystems.textsecuregcm.auth;
 
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import java.security.MessageDigest;
 import java.time.Duration;
-import java.util.Optional;
 import javax.annotation.Nullable;
 import org.whispersystems.textsecuregcm.util.Util;
 
-public class StoredVerificationCode {
-
-  @JsonProperty
-  private final String code;
-
-  @JsonProperty
-  private final long timestamp;
-
-  @JsonProperty
-  private final String pushCode;
-
-  @JsonProperty
-  @Nullable
-  private final String twilioVerificationSid;
+public record StoredVerificationCode(String code,
+                                     long timestamp,
+                                     String pushCode,
+                                     @Nullable byte[] sessionId) {
 
   public static final Duration EXPIRATION = Duration.ofMinutes(10);
 
-  @JsonCreator
-  public StoredVerificationCode(
-      @JsonProperty("code") final String code,
-      @JsonProperty("timestamp") final long timestamp,
-      @JsonProperty("pushCode") final String pushCode,
-      @JsonProperty("twilioVerificationSid") @Nullable final String twilioVerificationSid) {
-
-    this.code = code;
-    this.timestamp = timestamp;
-    this.pushCode = pushCode;
-    this.twilioVerificationSid = twilioVerificationSid;
-  }
-
-  public String getCode() {
-    return code;
-  }
-
-  public long getTimestamp() {
-    return timestamp;
-  }
-
-  public String getPushCode() {
-    return pushCode;
-  }
-
-  public Optional<String> getTwilioVerificationSid() {
-    return Optional.ofNullable(twilioVerificationSid);
-  }
-
   public boolean isValid(String theirCodeString) {
     if (Util.isEmpty(code) || Util.isEmpty(theirCodeString)) {
       return false;

service/src/main/java/org/whispersystems/textsecuregcm/auth/TurnTokenGenerator.java

@@ -10,6 +10,7 @@ import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfigurati
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicTurnConfiguration;
 import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
 import org.whispersystems.textsecuregcm.util.Pair;
+import org.whispersystems.textsecuregcm.util.Util;
 import org.whispersystems.textsecuregcm.util.WeightedRandomSelect;
 
 import javax.crypto.Mac;
@@ -36,7 +37,7 @@ public class TurnTokenGenerator {
       List<String> urls         = urls(e164);
       Mac    mac                = Mac.getInstance("HmacSHA1");
       long   validUntilSeconds  = (System.currentTimeMillis() + TimeUnit.DAYS.toMillis(1)) / 1000;
-      long   user               = Math.abs(new SecureRandom().nextInt());
+      long   user               = Util.ensureNonNegativeInt(new SecureRandom().nextInt());
       String userTime           = validUntilSeconds + ":"  + user;
 
       mac.init(new SecretKeySpec(key, "HmacSHA1"));

service/src/main/java/org/whispersystems/textsecuregcm/captcha/AssessmentResult.java

@@ -0,0 +1,27 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+/**
+ * A captcha assessment
+ *
+ * @param valid whether the captcha was passed
+ * @param score string representation of the risk level
+ */
+public record AssessmentResult(boolean valid, String score) {
+
+  public static AssessmentResult invalid() {
+    return new AssessmentResult(false, "");
+  }
+
+  /**
+   * Map a captcha score in [0.0, 1.0] to a low cardinality discrete space in [0, 100] suitable for use in metrics
+   */
+  static String scoreString(final float score) {
+    final int x = Math.round(score * 10); // [0, 10]
+    return Integer.toString(x * 10); // [0, 100] in increments of 10
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/captcha/CaptchaChecker.java

@@ -0,0 +1,76 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+import com.google.common.annotations.VisibleForTesting;
+import io.micrometer.core.instrument.Metrics;
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import javax.ws.rs.BadRequestException;
+
+import static org.whispersystems.textsecuregcm.metrics.MetricsUtil.name;
+
+public class CaptchaChecker {
+  private static final String ASSESSMENTS_COUNTER_NAME = name(RecaptchaClient.class, "assessments");
+
+  @VisibleForTesting
+  static final String SEPARATOR = ".";
+
+  private final Map<String, CaptchaClient> captchaClientMap;
+
+  public CaptchaChecker(final List<CaptchaClient> captchaClients) {
+    this.captchaClientMap = captchaClients.stream()
+        .collect(Collectors.toMap(CaptchaClient::scheme, Function.identity()));
+  }
+
+  /**
+   * Check if a solved captcha should be accepted
+   * <p>
+   *
+   * @param input expected to contain a prefix indicating the captcha scheme, sitekey, token, and action. The expected
+   *              format is {@code version-prefix.sitekey.[action.]token}
+   * @param ip    IP of the solver
+   * @return An {@link AssessmentResult} indicating whether the solution should be accepted, and a score that can be
+   * used for metrics
+   * @throws IOException         if there is an error validating the captcha with the underlying service
+   * @throws BadRequestException if input is not in the expected format
+   */
+  public AssessmentResult verify(final String input, final String ip) throws IOException {
+    /*
+     * For action to be optional, there is a strong assumption that the token will never contain a {@value  SEPARATOR}.
+     * Observation suggests {@code token} is base-64 encoded. In practice, an action should always be present, but we
+     * don’t need to be strict.
+     */
+    final String[] parts = input.split("\\" + SEPARATOR, 4);
+
+    // we allow missing actions, if we're missing 1 part, assume it's the action
+    if (parts.length < 3) {
+      throw new BadRequestException("too few parts");
+    }
+
+    int idx = 0;
+    final String prefix = parts[idx++];
+    final String siteKey = parts[idx++];
+    final String action = parts.length == 3 ? null : parts[idx++];
+    final String token = parts[idx];
+
+    final CaptchaClient client = this.captchaClientMap.get(prefix);
+    if (client == null) {
+      throw new BadRequestException("invalid captcha scheme");
+    }
+    final AssessmentResult result = client.verify(siteKey, action, token, ip);
+    Metrics.counter(ASSESSMENTS_COUNTER_NAME,
+            "action", String.valueOf(action),
+            "valid", String.valueOf(result.valid()),
+            "score", result.score(),
+            "provider", prefix)
+        .increment();
+    return result;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/captcha/CaptchaClient.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+import javax.annotation.Nullable;
+import java.io.IOException;
+
+public interface CaptchaClient {
+
+  /**
+   * @return the identifying captcha scheme that this CaptchaClient handles
+   */
+  String scheme();
+
+  /**
+   * Verify a provided captcha solution
+   *
+   * @param siteKey identifying string for the captcha service
+   * @param action  an optional action indicating the purpose of the captcha
+   * @param token   the captcha solution that will be verified
+   * @param ip      the ip of the captcha solve
+   * @return An {@link AssessmentResult} indicating whether the solution should be accepted
+   * @throws IOException if the underlying captcha provider returns an error
+   */
+  AssessmentResult verify(
+      final String siteKey,
+      final @Nullable String action,
+      final String token,
+      final String ip) throws IOException;
+}

service/src/main/java/org/whispersystems/textsecuregcm/captcha/HCaptchaClient.java

@@ -0,0 +1,114 @@
+/*
+ * Copyright 2021-2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+import static org.whispersystems.textsecuregcm.metrics.MetricsUtil.name;
+
+import io.micrometer.core.instrument.Metrics;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URLEncoder;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.nio.charset.StandardCharsets;
+import javax.annotation.Nullable;
+import javax.ws.rs.core.Response;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicCaptchaConfiguration;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
+import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
+import org.whispersystems.textsecuregcm.util.SystemMapper;
+
+public class HCaptchaClient implements CaptchaClient {
+
+  private static final Logger logger = LoggerFactory.getLogger(HCaptchaClient.class);
+  private static final String PREFIX = "signal-hcaptcha";
+  private static final String ASSESSMENT_REASON_COUNTER_NAME = name(HCaptchaClient.class, "assessmentReason");
+  private static final String INVALID_REASON_COUNTER_NAME = name(HCaptchaClient.class, "invalidReason");
+  private final String apiKey;
+  private final HttpClient client;
+  private final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager;
+
+  public HCaptchaClient(
+      final String apiKey,
+      final HttpClient client,
+      final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager) {
+    this.apiKey = apiKey;
+    this.client = client;
+    this.dynamicConfigurationManager = dynamicConfigurationManager;
+  }
+
+  @Override
+  public String scheme() {
+    return PREFIX;
+  }
+
+  @Override
+  public AssessmentResult verify(final String siteKey, final @Nullable String action, final String token,
+      final String ip)
+      throws IOException {
+
+    final DynamicCaptchaConfiguration config = dynamicConfigurationManager.getConfiguration().getCaptchaConfiguration();
+    if (!config.isAllowHCaptcha()) {
+      logger.warn("Received request to verify an hCaptcha, but hCaptcha is not enabled");
+      return AssessmentResult.invalid();
+    }
+
+    final String body = String.format("response=%s&secret=%s&remoteip=%s",
+        URLEncoder.encode(token, StandardCharsets.UTF_8),
+        URLEncoder.encode(this.apiKey, StandardCharsets.UTF_8),
+        ip);
+    HttpRequest request = HttpRequest.newBuilder()
+        .uri(URI.create("https://hcaptcha.com/siteverify"))
+        .header("Content-Type", "application/x-www-form-urlencoded")
+        .POST(HttpRequest.BodyPublishers.ofString(body))
+        .build();
+
+    HttpResponse<String> response;
+    try {
+      response = this.client.send(request, HttpResponse.BodyHandlers.ofString());
+    } catch (InterruptedException e) {
+      throw new IOException(e);
+    }
+
+    if (response.statusCode() != Response.Status.OK.getStatusCode()) {
+      logger.warn("failure submitting token to hCaptcha (code={}): {}", response.statusCode(), response);
+      throw new IOException("hCaptcha http failure : " + response.statusCode());
+    }
+
+    final HCaptchaResponse hCaptchaResponse = SystemMapper.getMapper()
+        .readValue(response.body(), HCaptchaResponse.class);
+
+    logger.debug("received hCaptcha response: {}", hCaptchaResponse);
+
+    if (!hCaptchaResponse.success) {
+      for (String errorCode : hCaptchaResponse.errorCodes) {
+        Metrics.counter(INVALID_REASON_COUNTER_NAME,
+            "action", String.valueOf(action),
+            "reason", errorCode).increment();
+      }
+      return AssessmentResult.invalid();
+    }
+
+    // hcaptcha uses the inverse scheme of recaptcha (for hcaptcha, a low score is less risky)
+    float score = 1.0f - hCaptchaResponse.score;
+    if (score < 0.0f || score > 1.0f) {
+      logger.error("Invalid score {} from hcaptcha response {}", hCaptchaResponse.score, hCaptchaResponse);
+      return AssessmentResult.invalid();
+    }
+    final String scoreString = AssessmentResult.scoreString(score);
+
+    for (String reason : hCaptchaResponse.scoreReasons) {
+      Metrics.counter(ASSESSMENT_REASON_COUNTER_NAME,
+          "action", String.valueOf(action),
+          "reason", reason,
+          "score", scoreString).increment();
+    }
+    return new AssessmentResult(score >= config.getScoreFloor().floatValue(), scoreString);
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/captcha/HCaptchaResponse.java

@@ -0,0 +1,57 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.time.Duration;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * Verify response returned by hcaptcha
+ * <p>
+ * see <a href="https://docs.hcaptcha.com/#verify-the-user-response-server-side">...</a>
+ */
+public class HCaptchaResponse {
+
+  @JsonProperty
+  boolean success;
+
+  @JsonProperty(value = "challenge-ts")
+  Duration challengeTs;
+
+  @JsonProperty
+  String hostname;
+
+  @JsonProperty
+  boolean credit;
+
+  @JsonProperty(value = "error-codes")
+  List<String> errorCodes = Collections.emptyList();
+
+  @JsonProperty
+  float score;
+
+  @JsonProperty(value = "score-reasons")
+  List<String> scoreReasons = Collections.emptyList();
+
+  public HCaptchaResponse() {
+  }
+
+  @Override
+  public String toString() {
+    return "HCaptchaResponse{" +
+        "success=" + success +
+        ", challengeTs=" + challengeTs +
+        ", hostname='" + hostname + '\'' +
+        ", credit=" + credit +
+        ", errorCodes=" + errorCodes +
+        ", score=" + score +
+        ", scoreReasons=" + scoreReasons +
+        '}';
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/captcha/RecaptchaClient.java

@@ -0,0 +1,113 @@
+/*
+ * Copyright 2021-2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.captcha;
+
+import static org.whispersystems.textsecuregcm.metrics.MetricsUtil.name;
+
+import com.google.api.gax.core.FixedCredentialsProvider;
+import com.google.api.gax.rpc.ApiException;
+import com.google.auth.oauth2.GoogleCredentials;
+import com.google.cloud.recaptchaenterprise.v1.RecaptchaEnterpriseServiceClient;
+import com.google.cloud.recaptchaenterprise.v1.RecaptchaEnterpriseServiceSettings;
+import com.google.recaptchaenterprise.v1.Assessment;
+import com.google.recaptchaenterprise.v1.Event;
+import com.google.recaptchaenterprise.v1.RiskAnalysis;
+import io.micrometer.core.instrument.Metrics;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Objects;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicCaptchaConfiguration;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
+import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
+
+public class RecaptchaClient implements CaptchaClient {
+
+  private static final Logger log = LoggerFactory.getLogger(RecaptchaClient.class);
+
+  private static final String V2_PREFIX = "signal-recaptcha-v2";
+  private static final String INVALID_REASON_COUNTER_NAME = name(RecaptchaClient.class, "invalidReason");
+  private static final String ASSESSMENT_REASON_COUNTER_NAME = name(RecaptchaClient.class, "assessmentReason");
+
+  private final String projectPath;
+  private final RecaptchaEnterpriseServiceClient client;
+  private final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager;
+
+  public RecaptchaClient(
+      @Nonnull final String projectPath,
+      @Nonnull final String recaptchaCredentialConfigurationJson,
+      final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager) {
+    try {
+      this.projectPath = Objects.requireNonNull(projectPath);
+      this.client = RecaptchaEnterpriseServiceClient.create(RecaptchaEnterpriseServiceSettings.newBuilder()
+          .setCredentialsProvider(FixedCredentialsProvider.create(GoogleCredentials.fromStream(
+              new ByteArrayInputStream(recaptchaCredentialConfigurationJson.getBytes(StandardCharsets.UTF_8)))))
+          .build());
+
+      this.dynamicConfigurationManager = dynamicConfigurationManager;
+    } catch (IOException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  @Override
+  public String scheme() {
+    return V2_PREFIX;
+  }
+
+  @Override
+  public org.whispersystems.textsecuregcm.captcha.AssessmentResult verify(final String sitekey,
+      final @Nullable String expectedAction,
+      final String token, final String ip) throws IOException {
+    final DynamicCaptchaConfiguration config = dynamicConfigurationManager.getConfiguration().getCaptchaConfiguration();
+    if (!config.isAllowRecaptcha()) {
+      log.warn("Received request to verify a recaptcha, but recaptcha is not enabled");
+      return AssessmentResult.invalid();
+    }
+
+    Event.Builder eventBuilder = Event.newBuilder()
+        .setSiteKey(sitekey)
+        .setToken(token)
+        .setUserIpAddress(ip);
+
+    if (expectedAction != null) {
+      eventBuilder.setExpectedAction(expectedAction);
+    }
+
+    final Event event = eventBuilder.build();
+    final Assessment assessment;
+    try {
+      assessment = client.createAssessment(projectPath, Assessment.newBuilder().setEvent(event).build());
+    } catch (ApiException e) {
+      throw new IOException(e);
+    }
+
+    if (assessment.getTokenProperties().getValid()) {
+      final float score = assessment.getRiskAnalysis().getScore();
+      log.debug("assessment for {} was valid, score: {}", expectedAction, score);
+      for (RiskAnalysis.ClassificationReason reason : assessment.getRiskAnalysis().getReasonsList()) {
+        Metrics.counter(ASSESSMENT_REASON_COUNTER_NAME,
+                "action", String.valueOf(expectedAction),
+                "score", AssessmentResult.scoreString(score),
+                "reason", reason.name())
+            .increment();
+      }
+      return new AssessmentResult(
+          score >= config.getScoreFloor().floatValue(),
+          AssessmentResult.scoreString(score));
+    } else {
+      Metrics.counter(INVALID_REASON_COUNTER_NAME,
+              "action", String.valueOf(expectedAction),
+              "reason", assessment.getTokenProperties().getInvalidReason().name())
+          .increment();
+      return AssessmentResult.invalid();
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/ArtServiceConfiguration.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Hex;
+
+import java.time.Duration;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+public class ArtServiceConfiguration {
+
+  @NotEmpty
+  @JsonProperty
+  private String userAuthenticationTokenSharedSecret;
+
+  @NotEmpty
+  @JsonProperty
+  private String userAuthenticationTokenUserIdSecret;
+
+  @JsonProperty
+  @NotNull
+  private Duration tokenExpiration = Duration.ofDays(1);
+
+  public byte[] getUserAuthenticationTokenSharedSecret() throws DecoderException {
+    return Hex.decodeHex(userAuthenticationTokenSharedSecret.toCharArray());
+  }
+
+  public byte[] getUserAuthenticationTokenUserIdSecret() throws DecoderException {
+    return Hex.decodeHex(userAuthenticationTokenUserIdSecret.toCharArray());
+  }
+
+  public Duration getTokenExpiration() {
+    return tokenExpiration;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/BoostConfiguration.java

@@ -1,58 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import java.math.BigDecimal;
-import java.time.Duration;
-import java.util.List;
-import java.util.Map;
-import javax.validation.Valid;
-import javax.validation.constraints.DecimalMin;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-import org.whispersystems.textsecuregcm.util.ExactlySize;
-
-public class BoostConfiguration {
-
-  private final long level;
-  private final Duration expiration;
-  private final Map<String, List<BigDecimal>> currencies;
-  private final String badge;
-
-  @JsonCreator
-  public BoostConfiguration(
-      @JsonProperty("level") long level,
-      @JsonProperty("expiration") Duration expiration,
-      @JsonProperty("currencies") Map<String, List<BigDecimal>> currencies,
-      @JsonProperty("badge") String badge) {
-    this.level = level;
-    this.expiration = expiration;
-    this.currencies = currencies;
-    this.badge = badge;
-  }
-
-  public long getLevel() {
-    return level;
-  }
-
-  @NotNull
-  public Duration getExpiration() {
-    return expiration;
-  }
-
-  @Valid
-  @NotNull
-  public Map<@NotEmpty String, @Valid @ExactlySize(6) List<@DecimalMin("0.01") @NotNull BigDecimal>> getCurrencies() {
-    return currencies;
-  }
-
-  @NotEmpty
-  public String getBadge() {
-    return badge;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/BraintreeConfiguration.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import java.util.Map;
+import java.util.Set;
+import javax.validation.Valid;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+/**
+ * @param merchantId          the Braintree merchant ID
+ * @param publicKey           the Braintree API public key
+ * @param privateKey          the Braintree API private key
+ * @param environment         the Braintree environment ("production" or "sandbox")
+ * @param supportedCurrencies the set of supported currencies
+ * @param graphqlUrl          the Braintree GraphQL URl to use (this must match the environment)
+ * @param merchantAccounts    merchant account within the merchant for processing individual currencies
+ * @param circuitBreaker      configuration for the circuit breaker used by the GraphQL HTTP client
+ */
+public record BraintreeConfiguration(@NotBlank String merchantId,
+                                     @NotBlank String publicKey,
+                                     @NotBlank String privateKey,
+                                     @NotBlank String environment,
+                                     @NotEmpty Set<@NotBlank String> supportedCurrencies,
+                                     @NotBlank String graphqlUrl,
+                                     @NotEmpty Map<String, String> merchantAccounts,
+                                     @NotNull
+                                     @Valid
+                                     CircuitBreakerConfiguration circuitBreaker) {
+
+  public BraintreeConfiguration {
+    if (circuitBreaker == null) {
+      // It’s a little counter-intuitive, but this compact constructor allows a default value
+      // to be used when one isn’t specified (e.g. in YAML), allowing the field to still be
+      // validated as @NotNull
+      circuitBreaker = new CircuitBreakerConfiguration();
+    }
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DirectoryServerConfiguration.java

@@ -5,7 +5,9 @@
 package org.whispersystems.textsecuregcm.configuration;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
+import java.util.List;
 
 public class DirectoryServerConfiguration {
 
@@ -23,7 +25,7 @@ public class DirectoryServerConfiguration {
 
   @NotEmpty
   @JsonProperty
-  private String replicationCaCertificate;
+  private List<@NotBlank String> replicationCaCertificates;
 
   public String getReplicationName() {
     return replicationName;
@@ -37,8 +39,8 @@ public class DirectoryServerConfiguration {
     return replicationPassword;
   }
 
-  public String getReplicationCaCertificate() {
-    return replicationCaCertificate;
+  public List<String> getReplicationCaCertificates() {
+    return replicationCaCertificates;
   }
 
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/DonationConfiguration.java

@@ -1,78 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.google.common.annotations.VisibleForTesting;
-import java.util.Set;
-import javax.validation.Valid;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-
-public class DonationConfiguration {
-
-  private String uri;
-  private String description;
-  private Set<String> supportedCurrencies;
-  private CircuitBreakerConfiguration circuitBreaker = new CircuitBreakerConfiguration();
-  private RetryConfiguration retry = new RetryConfiguration();
-
-  @JsonProperty
-  @NotEmpty
-  public String getUri() {
-    return uri;
-  }
-
-  @VisibleForTesting
-  public void setUri(final String uri) {
-    this.uri = uri;
-  }
-
-  @JsonProperty
-  public String getDescription() {
-    return description;
-  }
-
-  @VisibleForTesting
-  public void setDescription(final String description) {
-    this.description = description;
-  }
-
-  @JsonProperty
-  @NotEmpty
-  public Set<String> getSupportedCurrencies() {
-    return supportedCurrencies;
-  }
-
-  @VisibleForTesting
-  public void setSupportedCurrencies(final Set<String> supportedCurrencies) {
-    this.supportedCurrencies = supportedCurrencies;
-  }
-
-  @JsonProperty
-  @NotNull
-  @Valid
-  public CircuitBreakerConfiguration getCircuitBreaker() {
-    return circuitBreaker;
-  }
-
-  @VisibleForTesting
-  public void setCircuitBreaker(final CircuitBreakerConfiguration circuitBreaker) {
-    this.circuitBreaker = circuitBreaker;
-  }
-
-  @JsonProperty
-  @NotNull
-  @Valid
-  public RetryConfiguration getRetry() {
-    return retry;
-  }
-
-  @VisibleForTesting
-  public void setRetry(final RetryConfiguration retry) {
-    this.retry = retry;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/GiftConfiguration.java

@@ -1,21 +0,0 @@
-/*
- * Copyright 2022 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import java.math.BigDecimal;
-import java.time.Duration;
-import java.util.Map;
-import javax.validation.Valid;
-import javax.validation.constraints.DecimalMin;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-
-public record GiftConfiguration(
-    long level,
-    @NotNull Duration expiration,
-    @Valid @NotNull Map<@NotEmpty String, @DecimalMin("0.01") @NotNull BigDecimal> currencies,
-    @NotEmpty String badge) {
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/HCaptchaConfiguration.java

@@ -0,0 +1,11 @@
+/*
+ * Copyright 2021-2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import javax.validation.constraints.NotBlank;
+
+public record HCaptchaConfiguration(@NotBlank String apiKey) {
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/OneTimeDonationConfiguration.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import java.time.Duration;
+import java.util.Map;
+import javax.validation.Valid;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Positive;
+
+/**
+ * @param boost      configuration for individual donations
+ * @param gift       configuration for gift donations
+ * @param currencies map of lower-cased ISO 3 currency codes and the suggested donation amounts in that currency
+ */
+public record OneTimeDonationConfiguration(@Valid ExpiringLevelConfiguration boost,
+                                           @Valid ExpiringLevelConfiguration gift,
+                                           Map<String, @Valid OneTimeDonationCurrencyConfiguration> currencies) {
+
+  /**
+   * @param badge      the numeric donation level ID
+   * @param level      the badge ID associated with the level
+   * @param expiration the duration after which the level expires
+   */
+  public record ExpiringLevelConfiguration(@NotEmpty String badge, @Positive long level, Duration expiration) {
+
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/OneTimeDonationCurrencyConfiguration.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.configuration;
+
+import java.math.BigDecimal;
+import java.util.List;
+import javax.validation.Valid;
+import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.util.ExactlySize;
+
+/**
+ * One-time donation configuration for a given currency
+ *
+ * @param minimum the minimum amount permitted to be charged in this currency
+ * @param gift    the suggested gift donation amount
+ * @param boosts  the list of suggested one-time donation amounts
+ */
+public record OneTimeDonationCurrencyConfiguration(
+    @NotNull @DecimalMin("0.01") BigDecimal minimum,
+    @NotNull @DecimalMin("0.01") BigDecimal gift,
+    @Valid
+    @ExactlySize(6)
+    @NotNull
+    List<@NotNull @DecimalMin("0.01") BigDecimal> boosts) {
+
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/PaymentsServiceConfiguration.java

@@ -9,8 +9,10 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
 
+import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 import java.util.List;
+import java.util.Map;
 
 public class PaymentsServiceConfiguration {
 
@@ -18,6 +20,14 @@ public class PaymentsServiceConfiguration {
   @JsonProperty
   private String userAuthenticationTokenSharedSecret;
 
+  @NotBlank
+  @JsonProperty
+  private String coinMarketCapApiKey;
+
+  @JsonProperty
+  @NotEmpty
+  private Map<@NotBlank String, Integer> coinMarketCapCurrencyIds;
+
   @NotEmpty
   @JsonProperty
   private String fixerApiKey;
@@ -30,6 +40,14 @@ public class PaymentsServiceConfiguration {
     return Hex.decodeHex(userAuthenticationTokenSharedSecret.toCharArray());
   }
 
+  public String getCoinMarketCapApiKey() {
+    return coinMarketCapApiKey;
+  }
+
+  public Map<String, Integer> getCoinMarketCapCurrencyIds() {
+    return coinMarketCapCurrencyIds;
+  }
+
   public String getFixerApiKey() {
     return fixerApiKey;
   }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/RateLimitsConfiguration.java

@@ -56,6 +56,9 @@ public class RateLimitsConfiguration {
   @JsonProperty
   private RateLimitConfiguration stickerPack = new RateLimitConfiguration(50, 20 / (24.0 * 60.0));
 
+  @JsonProperty
+  private RateLimitConfiguration artPack = new RateLimitConfiguration(50, 20 / (24.0 * 60.0));
+
   @JsonProperty
   private RateLimitConfiguration usernameLookup = new RateLimitConfiguration(100, 100 / (24.0 * 60.0));
 
@@ -68,6 +71,9 @@ public class RateLimitsConfiguration {
   @JsonProperty
   private RateLimitConfiguration checkAccountExistence = new RateLimitConfiguration(1_000, 1_000 / 60.0);
 
+  @JsonProperty
+  private RateLimitConfiguration stories = new RateLimitConfiguration(10_000, 10_000 / (24.0 * 60.0));
+
   public RateLimitConfiguration getAutoBlock() {
     return autoBlock;
   }
@@ -132,6 +138,10 @@ public class RateLimitsConfiguration {
     return stickerPack;
   }
 
+  public RateLimitConfiguration getArtPack() {
+    return artPack;
+  }
+
   public RateLimitConfiguration getUsernameLookup() {
     return usernameLookup;
   }
@@ -148,6 +158,8 @@ public class RateLimitsConfiguration {
     return checkAccountExistence;
   }
 
+  public RateLimitConfiguration getStories() { return stories; }
+
   public static class RateLimitConfiguration {
     @JsonProperty
     private int bucketSize;

service/src/main/java/org/whispersystems/textsecuregcm/configuration/RegistrationServiceConfiguration.java

@@ -0,0 +1,49 @@
+package org.whispersystems.textsecuregcm.configuration;
+
+import javax.validation.constraints.NotBlank;
+
+public class RegistrationServiceConfiguration {
+
+  @NotBlank
+  private String host;
+
+  private int port = 443;
+
+  @NotBlank
+  private String apiKey;
+
+  @NotBlank
+  private String registrationCaCertificate;
+
+  public String getHost() {
+    return host;
+  }
+
+  public void setHost(final String host) {
+    this.host = host;
+  }
+
+  public int getPort() {
+    return port;
+  }
+
+  public void setPort(final int port) {
+    this.port = port;
+  }
+
+  public String getApiKey() {
+    return apiKey;
+  }
+
+  public void setApiKey(final String apiKey) {
+    this.apiKey = apiKey;
+  }
+
+  public String getRegistrationCaCertificate() {
+    return registrationCaCertificate;
+  }
+
+  public void setRegistrationCaCertificate(final String registrationCaCertificate) {
+    this.registrationCaCertificate = registrationCaCertificate;
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SecureBackupServiceConfiguration.java

@@ -13,6 +13,7 @@ import javax.validation.constraints.NotNull;
 import com.google.common.annotations.VisibleForTesting;
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
+import java.util.List;
 
 public class SecureBackupServiceConfiguration {
 
@@ -24,9 +25,9 @@ public class SecureBackupServiceConfiguration {
   @JsonProperty
   private String uri;
 
-  @NotBlank
+  @NotEmpty
   @JsonProperty
-  private String backupCaCertificate;
+  private List<@NotBlank String> backupCaCertificates;
 
   @NotNull
   @Valid
@@ -52,12 +53,12 @@ public class SecureBackupServiceConfiguration {
   }
 
   @VisibleForTesting
-  public void setBackupCaCertificate(final String backupCaCertificate) {
-    this.backupCaCertificate = backupCaCertificate;
+  public void setBackupCaCertificates(final List<String> backupCaCertificates) {
+    this.backupCaCertificates = backupCaCertificates;
   }
 
-  public String getBackupCaCertificate() {
-    return backupCaCertificate;
+  public List<String> getBackupCaCertificates() {
+    return backupCaCertificates;
   }
 
   public CircuitBreakerConfiguration getCircuitBreakerConfiguration() {

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SecureStorageServiceConfiguration.java

@@ -13,6 +13,7 @@ import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
+import java.util.List;
 
 public class SecureStorageServiceConfiguration {
 
@@ -24,9 +25,9 @@ public class SecureStorageServiceConfiguration {
   @JsonProperty
   private String uri;
 
-  @NotBlank
+  @NotEmpty
   @JsonProperty
-  private String storageCaCertificate;
+  private List<@NotBlank String> storageCaCertificates;
 
   @NotNull
   @Valid
@@ -52,12 +53,12 @@ public class SecureStorageServiceConfiguration {
   }
 
   @VisibleForTesting
-  public void setStorageCaCertificate(final String certificatePem) {
-    this.storageCaCertificate = certificatePem;
+  public void setStorageCaCertificates(final List<String> certificatePem) {
+    this.storageCaCertificates = certificatePem;
   }
 
-  public String getStorageCaCertificate() {
-    return storageCaCertificate;
+  public List<String> getStorageCaCertificates() {
+    return storageCaCertificates;
   }
 
   public CircuitBreakerConfiguration getCircuitBreakerConfiguration() {

service/src/main/java/org/whispersystems/textsecuregcm/configuration/StripeConfiguration.java

@@ -5,38 +5,13 @@
 
 package org.whispersystems.textsecuregcm.configuration;
 
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.Set;
+import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 
-public class StripeConfiguration {
+public record StripeConfiguration(@NotBlank String apiKey,
+                                  @NotEmpty byte[] idempotencyKeyGenerator,
+                                  @NotBlank String boostDescription,
+                                  @NotEmpty Set<@NotBlank String> supportedCurrencies) {
 
-  private final String apiKey;
-  private final byte[] idempotencyKeyGenerator;
-  private final String boostDescription;
-
-  @JsonCreator
-  public StripeConfiguration(
-      @JsonProperty("apiKey") final String apiKey,
-      @JsonProperty("idempotencyKeyGenerator") final byte[] idempotencyKeyGenerator,
-      @JsonProperty("boostDescription") final String boostDescription) {
-    this.apiKey = apiKey;
-    this.idempotencyKeyGenerator = idempotencyKeyGenerator;
-    this.boostDescription = boostDescription;
-  }
-
-  @NotEmpty
-  public String getApiKey() {
-    return apiKey;
-  }
-
-  @NotEmpty
-  public byte[] getIdempotencyKeyGenerator() {
-    return idempotencyKeyGenerator;
-  }
-
-  @NotEmpty
-  public String getBoostDescription() {
-    return boostDescription;
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SubscriptionLevelConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 Signal Messenger, LLC
+ * Copyright 2021-2022 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
@@ -15,16 +15,13 @@ import javax.validation.constraints.NotNull;
 public class SubscriptionLevelConfiguration {
 
   private final String badge;
-  private final String product;
   private final Map<String, SubscriptionPriceConfiguration> prices;
 
   @JsonCreator
   public SubscriptionLevelConfiguration(
       @JsonProperty("badge") @NotEmpty String badge,
-      @JsonProperty("product") @NotEmpty String product,
       @JsonProperty("prices") @Valid Map<@NotEmpty String, @NotNull @Valid SubscriptionPriceConfiguration> prices) {
     this.badge = badge;
-    this.product = product;
     this.prices = prices;
   }
 
@@ -32,10 +29,6 @@ public class SubscriptionLevelConfiguration {
     return badge;
   }
 
-  public String getProduct() {
-    return product;
-  }
-
   public Map<String, SubscriptionPriceConfiguration> getPrices() {
     return prices;
   }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/SubscriptionPriceConfiguration.java

@@ -5,31 +5,16 @@
 
 package org.whispersystems.textsecuregcm.configuration;
 
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import java.math.BigDecimal;
+import java.util.Map;
+import javax.validation.Valid;
 import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
+import org.whispersystems.textsecuregcm.subscriptions.SubscriptionProcessor;
 
-public class SubscriptionPriceConfiguration {
+public record SubscriptionPriceConfiguration(@Valid @NotEmpty Map<SubscriptionProcessor, @NotBlank String> processorIds,
+                                             @NotNull @DecimalMin("0.01") BigDecimal amount) {
 
-  private final String id;
-  private final BigDecimal amount;
-
-  @JsonCreator
-  public SubscriptionPriceConfiguration(
-      @JsonProperty("id") @NotEmpty String id,
-      @JsonProperty("amount") @NotNull @DecimalMin("0.01") BigDecimal amount) {
-    this.id = id;
-    this.amount = amount;
-  }
-
-  public String getId() {
-    return id;
-  }
-
-  public BigDecimal getAmount() {
-    return amount;
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/TwilioConfiguration.java

@@ -1,159 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.google.common.annotations.VisibleForTesting;
-import java.util.Collections;
-import java.util.Map;
-import javax.validation.Valid;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-
-public class TwilioConfiguration {
-
-  @NotEmpty
-  private String accountId;
-
-  @NotEmpty
-  private String accountToken;
-
-  @NotEmpty
-  private String localDomain;
-
-  @NotEmpty
-  private String messagingServiceSid;
-
-  @NotEmpty
-  private String nanpaMessagingServiceSid;
-
-  @NotEmpty
-  private String verifyServiceSid;
-
-  @NotNull
-  @Valid
-  private CircuitBreakerConfiguration circuitBreaker = new CircuitBreakerConfiguration();
-
-  @NotNull
-  @Valid
-  private RetryConfiguration retry = new RetryConfiguration();
-
-  @Valid
-  private TwilioVerificationTextConfiguration defaultClientVerificationTexts;
-
-  @Valid
-  private Map<String,TwilioVerificationTextConfiguration> regionalClientVerificationTexts = Collections.emptyMap();
-
-  @NotEmpty
-  private String androidAppHash;
-
-  @NotEmpty
-  private String verifyServiceFriendlyName;
-
-  public String getAccountId() {
-    return accountId;
-  }
-
-  @VisibleForTesting
-  public void setAccountId(String accountId) {
-    this.accountId = accountId;
-  }
-
-  public String getAccountToken() {
-    return accountToken;
-  }
-
-  @VisibleForTesting
-  public void setAccountToken(String accountToken) {
-    this.accountToken = accountToken;
-  }
-  public String getLocalDomain() {
-    return localDomain;
-  }
-
-  @VisibleForTesting
-  public void setLocalDomain(String localDomain) {
-    this.localDomain = localDomain;
-  }
-
-  public String getMessagingServiceSid() {
-    return messagingServiceSid;
-  }
-
-  @VisibleForTesting
-  public void setMessagingServiceSid(String messagingServiceSid) {
-    this.messagingServiceSid = messagingServiceSid;
-  }
-
-  public String getNanpaMessagingServiceSid() {
-    return nanpaMessagingServiceSid;
-  }
-
-  @VisibleForTesting
-  public void setNanpaMessagingServiceSid(String nanpaMessagingServiceSid) {
-    this.nanpaMessagingServiceSid = nanpaMessagingServiceSid;
-  }
-
-  public String getVerifyServiceSid() {
-    return verifyServiceSid;
-  }
-
-  @VisibleForTesting
-  public void setVerifyServiceSid(String verifyServiceSid) {
-    this.verifyServiceSid = verifyServiceSid;
-  }
-
-  public CircuitBreakerConfiguration getCircuitBreaker() {
-    return circuitBreaker;
-  }
-
-  @VisibleForTesting
-  public void setCircuitBreaker(CircuitBreakerConfiguration circuitBreaker) {
-    this.circuitBreaker = circuitBreaker;
-  }
-
-  public RetryConfiguration getRetry() {
-    return retry;
-  }
-
-  @VisibleForTesting
-  public void setRetry(RetryConfiguration retry) {
-    this.retry = retry;
-  }
-
-  public TwilioVerificationTextConfiguration getDefaultClientVerificationTexts() {
-    return defaultClientVerificationTexts;
-  }
-
-  @VisibleForTesting
-  public void setDefaultClientVerificationTexts(TwilioVerificationTextConfiguration defaultClientVerificationTexts) {
-    this.defaultClientVerificationTexts = defaultClientVerificationTexts;
-  }
-
-
-  public Map<String,TwilioVerificationTextConfiguration> getRegionalClientVerificationTexts() {
-    return regionalClientVerificationTexts;
-  }
-
-  @VisibleForTesting
-  public void setRegionalClientVerificationTexts(final Map<String,TwilioVerificationTextConfiguration> regionalClientVerificationTexts) {
-    this.regionalClientVerificationTexts = regionalClientVerificationTexts;
-  }
-
-  public String getAndroidAppHash() {
-    return androidAppHash;
-  }
-
-  public void setAndroidAppHash(String androidAppHash) {
-    this.androidAppHash = androidAppHash;
-  }
-
-  public void setVerifyServiceFriendlyName(String serviceFriendlyName) {
-    this.verifyServiceFriendlyName = serviceFriendlyName;
-  }
-
-  public String getVerifyServiceFriendlyName() {
-    return verifyServiceFriendlyName;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/TwilioCountrySenderIdConfiguration.java

@@ -1,36 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.google.common.annotations.VisibleForTesting;
-
-import javax.validation.constraints.NotEmpty;
-
-public class TwilioCountrySenderIdConfiguration {
-  @NotEmpty
-  private String countryCode;
-
-  @NotEmpty
-  private String senderId;
-
-  public String getCountryCode() {
-    return countryCode;
-  }
-
-  @VisibleForTesting
-  public void setCountryCode(String countryCode) {
-    this.countryCode = countryCode;
-  }
-
-  public String getSenderId() {
-    return senderId;
-  }
-
-  @VisibleForTesting
-  public void setSenderId(String senderId) {
-    this.senderId = senderId;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/TwilioVerificationTextConfiguration.java

@@ -1,67 +0,0 @@
-package org.whispersystems.textsecuregcm.configuration;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import javax.validation.constraints.NotEmpty;
-
-public class TwilioVerificationTextConfiguration {
-
-  @JsonProperty
-  @NotEmpty
-  private String ios;
-
-  @JsonProperty
-  @NotEmpty
-  private String androidNg;
-
-  @JsonProperty
-  @NotEmpty
-  private String android202001;
-
-  @JsonProperty
-  @NotEmpty
-  private String android202103;
-
-  @JsonProperty
-  @NotEmpty
-  private String generic;
-
-  public String getIosText() {
-    return ios;
-  }
-
-  public void setIosText(String ios) {
-    this.ios = ios;
-  }
-
-  public String getAndroidNgText() {
-    return androidNg;
-  }
-
-  public void setAndroidNgText(final String androidNg) {
-    this.androidNg = androidNg;
-  }
-
-  public String getAndroid202001Text() {
-    return android202001;
-  }
-
-  public void setAndroid202001Text(final String android202001) {
-    this.android202001 = android202001;
-  }
-
-  public String getAndroid202103Text() {
-    return android202103;
-  }
-
-  public void setAndroid202103Text(final String android202103) {
-    this.android202103 = android202103;
-  }
-
-  public String getGenericText() {
-    return generic;
-  }
-
-  public void setGenericText(final String generic) {
-    this.generic = generic;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/configuration/UsernameConfiguration.java

@@ -13,7 +13,7 @@ public class UsernameConfiguration {
 
   @JsonProperty
   @Min(1)
-  private int discriminatorInitialWidth = 4;
+  private int discriminatorInitialWidth = 2;
 
   @JsonProperty
   @Min(1)

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicCaptchaConfiguration.java

@@ -1,3 +1,8 @@
+/*
+ * Copyright 2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
 package org.whispersystems.textsecuregcm.configuration.dynamic;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
@@ -17,6 +22,12 @@ public class DynamicCaptchaConfiguration {
   @NotNull
   private BigDecimal scoreFloor;
 
+  @JsonProperty
+  private boolean allowHCaptcha = false;
+
+  @JsonProperty
+  private boolean allowRecaptcha = true;
+
   @JsonProperty
   @NotNull
   private Set<String> signupCountryCodes = Collections.emptySet();
@@ -46,4 +57,22 @@ public class DynamicCaptchaConfiguration {
   public Set<String> getSignupRegions() {
     return signupRegions;
   }
+
+  public boolean isAllowHCaptcha() {
+    return allowHCaptcha;
+  }
+
+  public boolean isAllowRecaptcha() {
+    return allowRecaptcha;
+  }
+
+  @VisibleForTesting
+  public void setAllowHCaptcha(final boolean allowHCaptcha) {
+    this.allowHCaptcha = allowHCaptcha;
+  }
+
+  @VisibleForTesting
+  public void setScoreFloor(final BigDecimal scoreFloor) {
+    this.scoreFloor = scoreFloor;
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfiguration.java

@@ -29,10 +29,6 @@ public class DynamicConfiguration {
   @Valid
   private DynamicPaymentsConfiguration payments = new DynamicPaymentsConfiguration();
 
-  @JsonProperty
-  @Valid
-  private DynamicTwilioConfiguration twilio = new DynamicTwilioConfiguration();
-
   @JsonProperty
   @Valid
   private DynamicCaptchaConfiguration captcha = new DynamicCaptchaConfiguration();
@@ -86,15 +82,6 @@ public class DynamicConfiguration {
     return payments;
   }
 
-  public DynamicTwilioConfiguration getTwilioConfiguration() {
-    return twilio;
-  }
-
-  @VisibleForTesting
-  public void setTwilioConfiguration(DynamicTwilioConfiguration twilioConfiguration) {
-    this.twilio = twilioConfiguration;
-  }
-
   public DynamicCaptchaConfiguration getCaptchaConfiguration() {
     return captcha;
   }

service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicTwilioConfiguration.java

@@ -1,23 +0,0 @@
-package org.whispersystems.textsecuregcm.configuration.dynamic;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.google.common.annotations.VisibleForTesting;
-import javax.validation.constraints.NotNull;
-import java.util.Collections;
-import java.util.List;
-
-public class DynamicTwilioConfiguration {
-
-  @JsonProperty
-  @NotNull
-  private List<String> numbers = Collections.emptyList();
-
-  public List<String> getNumbers() {
-    return numbers;
-  }
-
-  @VisibleForTesting
-  public void setNumbers(List<String> numbers) {
-    this.numbers = numbers;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java

@@ -11,20 +11,25 @@ import com.codahale.metrics.MetricRegistry;
 import com.codahale.metrics.SharedMetricRegistries;
 import com.codahale.metrics.annotation.Timed;
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.net.HttpHeaders;
+import com.google.i18n.phonenumbers.NumberParseException;
+import com.google.i18n.phonenumbers.PhoneNumberUtil;
+import com.google.i18n.phonenumbers.Phonenumber;
 import io.dropwizard.auth.Auth;
+import io.micrometer.core.instrument.DistributionSummary;
 import io.micrometer.core.instrument.Metrics;
 import io.micrometer.core.instrument.Tag;
 import io.micrometer.core.instrument.Tags;
+import java.io.IOException;
 import java.security.SecureRandom;
+import java.time.Clock;
 import java.time.Duration;
+import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Locale;
 import java.util.Map;
 import java.util.Optional;
 import java.util.UUID;
-import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionException;
 import javax.annotation.Nullable;
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
@@ -50,6 +55,7 @@ import javax.ws.rs.core.Response.Status;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.abuse.FilterAbusiveMessages;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.auth.AuthenticationCredentials;
 import org.whispersystems.textsecuregcm.auth.BasicAuthorizationHeader;
@@ -61,6 +67,8 @@ import org.whispersystems.textsecuregcm.auth.StoredRegistrationLock;
 import org.whispersystems.textsecuregcm.auth.StoredVerificationCode;
 import org.whispersystems.textsecuregcm.auth.TurnToken;
 import org.whispersystems.textsecuregcm.auth.TurnTokenGenerator;
+import org.whispersystems.textsecuregcm.captcha.AssessmentResult;
+import org.whispersystems.textsecuregcm.captcha.CaptchaChecker;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicCaptchaConfiguration;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
 import org.whispersystems.textsecuregcm.entities.AccountAttributes;
@@ -82,12 +90,12 @@ import org.whispersystems.textsecuregcm.entities.UsernameResponse;
 import org.whispersystems.textsecuregcm.limits.RateLimiter;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
+import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.textsecuregcm.push.PushNotification;
 import org.whispersystems.textsecuregcm.push.PushNotificationManager;
-import org.whispersystems.textsecuregcm.recaptcha.RecaptchaClient;
-import org.whispersystems.textsecuregcm.sms.SmsSender;
-import org.whispersystems.textsecuregcm.sms.TwilioVerifyExperimentEnrollmentManager;
-import org.whispersystems.textsecuregcm.storage.AbusiveHostRules;
+import org.whispersystems.textsecuregcm.registration.ClientType;
+import org.whispersystems.textsecuregcm.registration.MessageTransport;
+import org.whispersystems.textsecuregcm.registration.RegistrationServiceClient;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.AccountsManager;
 import org.whispersystems.textsecuregcm.storage.ChangeNumberManager;
@@ -97,13 +105,13 @@ import org.whispersystems.textsecuregcm.storage.StoredVerificationCodeManager;
 import org.whispersystems.textsecuregcm.storage.UsernameNotAvailableException;
 import org.whispersystems.textsecuregcm.storage.UsernameReservationNotFoundException;
 import org.whispersystems.textsecuregcm.util.Constants;
-import org.whispersystems.textsecuregcm.util.ForwardedIpUtil;
+import org.whispersystems.textsecuregcm.util.HeaderUtils;
 import org.whispersystems.textsecuregcm.util.Hex;
 import org.whispersystems.textsecuregcm.util.ImpossiblePhoneNumberException;
 import org.whispersystems.textsecuregcm.util.NonNormalizedPhoneNumberException;
+import org.whispersystems.textsecuregcm.util.Optionals;
 import org.whispersystems.textsecuregcm.util.UsernameGenerator;
 import org.whispersystems.textsecuregcm.util.Util;
-import org.whispersystems.textsecuregcm.util.VerificationCode;
 
 @SuppressWarnings("OptionalUsedAsFieldOrParameterType")
 @Path("/v1/accounts")
@@ -111,8 +119,6 @@ public class AccountController {
 
   private final Logger         logger                   = LoggerFactory.getLogger(AccountController.class);
   private final MetricRegistry metricRegistry           = SharedMetricRegistries.getOrCreate(Constants.METRICS_NAME);
-  private final Meter          blockedHostMeter         = metricRegistry.meter(name(AccountController.class, "blocked_host"             ));
-  private final Meter          countryFilterApplicable  = metricRegistry.meter(name(AccountController.class, "country_filter_applicable"));
   private final Meter          countryFilteredHostMeter = metricRegistry.meter(name(AccountController.class, "country_limited_host"     ));
   private final Meter          rateLimitedHostMeter     = metricRegistry.meter(name(AccountController.class, "rate_limited_host"        ));
   private final Meter          rateLimitedPrefixMeter   = metricRegistry.meter(name(AccountController.class, "rate_limited_prefix"      ));
@@ -124,62 +130,99 @@ public class AccountController {
   private static final String CAPTCHA_ATTEMPT_COUNTER_NAME = name(AccountController.class, "captcha");
   private static final String CHALLENGE_ISSUED_COUNTER_NAME = name(AccountController.class, "challengeIssued");
 
-  private static final String TWILIO_VERIFY_ERROR_COUNTER_NAME = name(AccountController.class, "twilioVerifyError");
+  private static final DistributionSummary REREGISTRATION_IDLE_DAYS_DISTRIBUTION = DistributionSummary
+      .builder(name(AccountController.class, "reregistrationIdleDays"))
+      .publishPercentiles(0.75, 0.95, 0.99, 0.999)
+      .distributionStatisticExpiry(Duration.ofHours(2))
+      .register(Metrics.globalRegistry);
 
-  private static final String INVALID_ACCEPT_LANGUAGE_COUNTER_NAME = name(AccountController.class, "invalidAcceptLanguage");
   private static final String NONSTANDARD_USERNAME_COUNTER_NAME = name(AccountController.class, "nonStandardUsername");
 
+  private static final String LOCKED_ACCOUNT_COUNTER_NAME = name(AccountController.class, "lockedAccount");
+
   private static final String CHALLENGE_PRESENT_TAG_NAME = "present";
   private static final String CHALLENGE_MATCH_TAG_NAME = "matches";
   private static final String COUNTRY_CODE_TAG_NAME = "countryCode";
-  private static final String REGION_TAG_NAME = "region";
-  private static final String VERIFICATION_TRANSPORT_TAG_NAME = "transport";
 
-  private static final String VERIFY_EXPERIMENT_TAG_NAME = "twilioVerify";
+  /**
+   * @deprecated "region" conflicts with cloud provider region tags; prefer "regionCode" instead
+   */
+  @Deprecated
+  private static final String REGION_TAG_NAME = "region";
+  private static final String REGION_CODE_TAG_NAME = "regionCode";
+  private static final String VERIFICATION_TRANSPORT_TAG_NAME = "transport";
+  private static final String SCORE_TAG_NAME = "score";
+  private static final String LOCK_REASON_TAG_NAME = "lockReason";
+  private static final String ALREADY_LOCKED_TAG_NAME = "alreadyLocked";
 
 
   private final StoredVerificationCodeManager      pendingAccounts;
   private final AccountsManager                    accounts;
-  private final AbusiveHostRules                   abusiveHostRules;
   private final RateLimiters                       rateLimiters;
-  private final SmsSender                          smsSender;
+  private final RegistrationServiceClient          registrationServiceClient;
   private final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager;
   private final TurnTokenGenerator                 turnTokenGenerator;
   private final Map<String, Integer>               testDevices;
-  private final RecaptchaClient recaptchaClient;
+  private final CaptchaChecker                     captchaChecker;
   private final PushNotificationManager            pushNotificationManager;
   private final ExternalServiceCredentialGenerator backupServiceCredentialGenerator;
 
-  private final TwilioVerifyExperimentEnrollmentManager verifyExperimentEnrollmentManager;
   private final ChangeNumberManager changeNumberManager;
+  private final Clock clock;
 
-  public AccountController(StoredVerificationCodeManager pendingAccounts,
-                           AccountsManager accounts,
-                           AbusiveHostRules abusiveHostRules,
-                           RateLimiters rateLimiters,
-                           SmsSender smsSenderFactory,
-                           DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager,
-                           TurnTokenGenerator turnTokenGenerator,
-                           Map<String, Integer> testDevices,
-                           RecaptchaClient recaptchaClient,
-                           PushNotificationManager pushNotificationManager,
-                           TwilioVerifyExperimentEnrollmentManager verifyExperimentEnrollmentManager,
-                           ChangeNumberManager changeNumberManager,
-                           ExternalServiceCredentialGenerator backupServiceCredentialGenerator)
-  {
-    this.pendingAccounts                   = pendingAccounts;
-    this.accounts                          = accounts;
-    this.abusiveHostRules                  = abusiveHostRules;
-    this.rateLimiters                      = rateLimiters;
-    this.smsSender                         = smsSenderFactory;
-    this.dynamicConfigurationManager       = dynamicConfigurationManager;
-    this.testDevices                       = testDevices;
-    this.turnTokenGenerator                = turnTokenGenerator;
-    this.recaptchaClient = recaptchaClient;
-    this.pushNotificationManager           = pushNotificationManager;
-    this.verifyExperimentEnrollmentManager = verifyExperimentEnrollmentManager;
+  private final ClientPresenceManager clientPresenceManager;
+
+  @VisibleForTesting
+  static final Duration REGISTRATION_RPC_TIMEOUT = Duration.ofSeconds(15);
+
+  public AccountController(
+      StoredVerificationCodeManager pendingAccounts,
+      AccountsManager accounts,
+      RateLimiters rateLimiters,
+      RegistrationServiceClient registrationServiceClient,
+      DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager,
+      TurnTokenGenerator turnTokenGenerator,
+      Map<String, Integer> testDevices,
+      CaptchaChecker captchaChecker,
+      PushNotificationManager pushNotificationManager,
+      ChangeNumberManager changeNumberManager,
+      ExternalServiceCredentialGenerator backupServiceCredentialGenerator,
+      ClientPresenceManager clientPresenceManager,
+      Clock clock
+  ) {
+    this.pendingAccounts = pendingAccounts;
+    this.accounts = accounts;
+    this.rateLimiters = rateLimiters;
+    this.registrationServiceClient = registrationServiceClient;
+    this.dynamicConfigurationManager = dynamicConfigurationManager;
+    this.testDevices = testDevices;
+    this.turnTokenGenerator = turnTokenGenerator;
+    this.captchaChecker = captchaChecker;
+    this.pushNotificationManager = pushNotificationManager;
     this.backupServiceCredentialGenerator = backupServiceCredentialGenerator;
     this.changeNumberManager = changeNumberManager;
+    this.clientPresenceManager = clientPresenceManager;
+    this.clock = clock;
+  }
+
+  @VisibleForTesting
+  public AccountController(
+      StoredVerificationCodeManager pendingAccounts,
+      AccountsManager accounts,
+      RateLimiters rateLimiters,
+      RegistrationServiceClient registrationServiceClient,
+      DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager,
+      TurnTokenGenerator turnTokenGenerator,
+      Map<String, Integer> testDevices,
+      CaptchaChecker captchaChecker,
+      PushNotificationManager pushNotificationManager,
+      ChangeNumberManager changeNumberManager,
+      ExternalServiceCredentialGenerator backupServiceCredentialGenerator
+  ) {
+    this(pendingAccounts, accounts, rateLimiters,
+        registrationServiceClient, dynamicConfigurationManager, turnTokenGenerator, testDevices, captchaChecker,
+        pushNotificationManager, changeNumberManager,
+        backupServiceCredentialGenerator, null, Clock.systemUTC());
   }
 
   @Timed
@@ -190,7 +233,7 @@ public class AccountController {
                              @PathParam("token") String pushToken,
                              @PathParam("number") String number,
                              @QueryParam("voip") @DefaultValue("true") boolean useVoip)
-      throws ImpossiblePhoneNumberException, NonNormalizedPhoneNumberException {
+      throws ImpossiblePhoneNumberException, NonNormalizedPhoneNumberException, RateLimitExceededException {
 
     final PushNotification.TokenType tokenType = switch(pushType) {
       case "apn" -> useVoip ? PushNotification.TokenType.APN_VOIP : PushNotification.TokenType.APN;
@@ -200,14 +243,21 @@ public class AccountController {
 
     Util.requireNormalizedNumber(number);
 
-    String                 pushChallenge          = generatePushChallenge();
-    StoredVerificationCode storedVerificationCode = new StoredVerificationCode(null,
-                                                                               System.currentTimeMillis(),
-                                                                               pushChallenge,
-                                                                               null);
+    final Phonenumber.PhoneNumber phoneNumber;
+    try {
+      phoneNumber = PhoneNumberUtil.getInstance().parse(number, null);
+    } catch (final NumberParseException e) {
+      // This should never happen since we just verified that the number is already normalized
+      throw new BadRequestException("Bad phone number");
+    }
+
+    final String pushChallenge = generatePushChallenge();
+    final byte[] sessionId = createRegistrationSession(phoneNumber);
+    final StoredVerificationCode storedVerificationCode =
+        new StoredVerificationCode(null, clock.millis(), pushChallenge, sessionId);
 
     pendingAccounts.store(number, storedVerificationCode);
-    pushNotificationManager.sendRegistrationChallengeNotification(pushToken, tokenType, storedVerificationCode.getPushCode());
+    pushNotificationManager.sendRegistrationChallengeNotification(pushToken, tokenType, storedVerificationCode.pushCode());
 
     return Response.ok().build();
   }
@@ -215,39 +265,59 @@ public class AccountController {
   @Timed
   @GET
   @Path("/{transport}/code/{number}")
+  @FilterAbusiveMessages
   @Produces(MediaType.APPLICATION_JSON)
   public Response createAccount(@PathParam("transport")         String transport,
                                 @PathParam("number")            String number,
-                                @HeaderParam("X-Forwarded-For") String forwardedFor,
-                                @HeaderParam("User-Agent")      String userAgent,
-                                @HeaderParam("Accept-Language") Optional<String> acceptLanguage,
+                                @HeaderParam(HttpHeaders.X_FORWARDED_FOR) String forwardedFor,
+                                @HeaderParam(HttpHeaders.USER_AGENT)      String userAgent,
+                                @HeaderParam(HttpHeaders.ACCEPT_LANGUAGE) Optional<String> acceptLanguage,
                                 @QueryParam("client")           Optional<String> client,
                                 @QueryParam("captcha")          Optional<String> captcha,
                                 @QueryParam("challenge")        Optional<String> pushChallenge)
-      throws RateLimitExceededException, ImpossiblePhoneNumberException, NonNormalizedPhoneNumberException {
+      throws RateLimitExceededException, ImpossiblePhoneNumberException, NonNormalizedPhoneNumberException, IOException {
 
     Util.requireNormalizedNumber(number);
 
-    String sourceHost = ForwardedIpUtil.getMostRecentProxy(forwardedFor).orElseThrow();
+    final String sourceHost = HeaderUtils.getMostRecentProxy(forwardedFor).orElseThrow();
+    final Optional<StoredVerificationCode> maybeStoredVerificationCode = pendingAccounts.getCodeForNumber(number);
 
-    Optional<StoredVerificationCode> storedChallenge = pendingAccounts.getCodeForNumber(number);
-    CaptchaRequirement requirement = requiresCaptcha(number, transport, forwardedFor, sourceHost, captcha,
-        storedChallenge, pushChallenge, userAgent);
+    final String countryCode = Util.getCountryCode(number);
+    final String region = Util.getRegion(number);
 
-    if (requirement.isCaptchaRequired()) {
+    // if there's a captcha, assess it, otherwise check if we need a captcha
+    final Optional<AssessmentResult> assessmentResult = captcha.isPresent()
+        ? Optional.of(captchaChecker.verify(captcha.get(), sourceHost))
+        : Optional.empty();
+
+    assessmentResult.ifPresent(result ->
+        Metrics.counter(CAPTCHA_ATTEMPT_COUNTER_NAME, Tags.of(
+                Tag.of("success", String.valueOf(result.valid())),
+                UserAgentTagUtil.getPlatformTag(userAgent),
+                Tag.of(COUNTRY_CODE_TAG_NAME, countryCode),
+                Tag.of(REGION_TAG_NAME, region),
+                Tag.of(REGION_CODE_TAG_NAME, region),
+                Tag.of(SCORE_TAG_NAME, result.score())))
+            .increment());
+
+    final boolean pushChallengeMatch = pushChallengeMatches(number, pushChallenge, maybeStoredVerificationCode);
+
+    if (pushChallenge.isPresent() && !pushChallengeMatch) {
+      throw new WebApplicationException(Response.status(403).build());
+    }
+
+    final boolean requiresCaptcha = assessmentResult
+        .map(result -> !result.valid())
+        .orElseGet(() -> requiresCaptcha(number, transport, forwardedFor, sourceHost, pushChallengeMatch));
+
+    if (requiresCaptcha) {
       captchaRequiredMeter.mark();
-
       Metrics.counter(CHALLENGE_ISSUED_COUNTER_NAME, Tags.of(
               UserAgentTagUtil.getPlatformTag(userAgent),
               Tag.of(COUNTRY_CODE_TAG_NAME, Util.getCountryCode(number)),
-              Tag.of(REGION_TAG_NAME, Util.getRegion(number))))
+              Tag.of(REGION_TAG_NAME, Util.getRegion(number)),
+              Tag.of(REGION_CODE_TAG_NAME, region)))
           .increment();
-
-      if (requirement.isAutoBlock() && shouldAutoBlock(sourceHost)) {
-        logger.info("Auto-block: {}", sourceHost);
-        abusiveHostRules.setBlockedHost(sourceHost);
-      }
-
       return Response.status(402).build();
     }
 
@@ -260,80 +330,55 @@ public class AccountController {
       default -> throw new WebApplicationException(Response.status(422).build());
     }
 
-    VerificationCode       verificationCode       = generateVerificationCode(number);
-    StoredVerificationCode storedVerificationCode = new StoredVerificationCode(verificationCode.getVerificationCode(),
-        System.currentTimeMillis(),
-        storedChallenge.map(StoredVerificationCode::getPushCode).orElse(null),
-        storedChallenge.flatMap(StoredVerificationCode::getTwilioVerificationSid).orElse(null));
+    final Phonenumber.PhoneNumber phoneNumber;
+
+    try {
+      phoneNumber = PhoneNumberUtil.getInstance().parse(number, null);
+    } catch (final NumberParseException e) {
+      throw new WebApplicationException(Response.status(422).build());
+    }
+
+    final MessageTransport messageTransport = switch (transport) {
+      case "sms" -> MessageTransport.SMS;
+      case "voice" -> MessageTransport.VOICE;
+      default -> throw new WebApplicationException(Response.status(422).build());
+    };
+
+    final ClientType clientType = client.map(clientTypeString -> {
+      if ("ios".equalsIgnoreCase(clientTypeString)) {
+        return ClientType.IOS;
+      } else if ("android-2021-03".equalsIgnoreCase(clientTypeString)) {
+        return ClientType.ANDROID_WITH_FCM;
+      } else if (StringUtils.startsWithIgnoreCase(clientTypeString, "android")) {
+        return ClientType.ANDROID_WITHOUT_FCM;
+      } else {
+        return ClientType.UNKNOWN;
+      }
+    }).orElse(ClientType.UNKNOWN);
+
+    // During the transition to explicit session creation, some previously-stored records may not have a session ID;
+    // after the transition, we can assume that any existing record has an associated session ID.
+    final byte[] sessionId =  maybeStoredVerificationCode.isPresent() && maybeStoredVerificationCode.get().sessionId() != null ?
+        maybeStoredVerificationCode.get().sessionId() : createRegistrationSession(phoneNumber);
+
+    registrationServiceClient.sendRegistrationCode(sessionId,
+        messageTransport,
+        clientType,
+        acceptLanguage.orElse(null),
+        REGISTRATION_RPC_TIMEOUT).join();
+
+    final StoredVerificationCode storedVerificationCode = new StoredVerificationCode(null,
+        clock.millis(),
+        maybeStoredVerificationCode.map(StoredVerificationCode::pushCode).orElse(null),
+        sessionId);
 
     pendingAccounts.store(number, storedVerificationCode);
 
-    List<Locale.LanguageRange> languageRanges;
-    try {
-      languageRanges = acceptLanguage.map(Locale.LanguageRange::parse).orElse(Collections.emptyList());
-    } catch (final IllegalArgumentException e) {
-      logger.debug("Could not get acceptable languages; Accept-Language: {}; User-Agent: {}",
-          acceptLanguage.orElse(""),
-          userAgent,
-          e);
-
-      Metrics.counter(INVALID_ACCEPT_LANGUAGE_COUNTER_NAME, Tags.of(UserAgentTagUtil.getPlatformTag(userAgent))).increment();
-      languageRanges = Collections.emptyList();
-    }
-
-    final boolean enrolledInVerifyExperiment = verifyExperimentEnrollmentManager.isEnrolled(client, number, languageRanges, transport);
-    final CompletableFuture<Optional<String>> sendVerificationWithTwilioVerifyFuture;
-
-    if (testDevices.containsKey(number)) {
-      // noop
-      sendVerificationWithTwilioVerifyFuture = CompletableFuture.completedFuture(Optional.empty());
-    } else if (transport.equals("sms")) {
-
-      if (enrolledInVerifyExperiment) {
-        sendVerificationWithTwilioVerifyFuture = smsSender.deliverSmsVerificationWithTwilioVerify(number, client, verificationCode.getVerificationCode(), languageRanges);
-      } else {
-        smsSender.deliverSmsVerification(number, client, verificationCode.getVerificationCodeDisplay());
-        sendVerificationWithTwilioVerifyFuture = CompletableFuture.completedFuture(Optional.empty());
-      }
-    } else if (transport.equals("voice")) {
-
-      if (enrolledInVerifyExperiment) {
-        sendVerificationWithTwilioVerifyFuture = smsSender.deliverVoxVerificationWithTwilioVerify(number, verificationCode.getVerificationCode(), languageRanges);
-      } else {
-        smsSender.deliverVoxVerification(number, verificationCode.getVerificationCode(), languageRanges);
-        sendVerificationWithTwilioVerifyFuture = CompletableFuture.completedFuture(Optional.empty());
-      }
-
-    } else {
-      sendVerificationWithTwilioVerifyFuture = CompletableFuture.completedFuture(Optional.empty());
-    }
-
-    sendVerificationWithTwilioVerifyFuture.whenComplete((maybeVerificationSid, throwable) -> {
-      if (throwable != null) {
-        Metrics.counter(TWILIO_VERIFY_ERROR_COUNTER_NAME).increment();
-
-        logger.warn("Error with Twilio Verify", throwable);
-        return;
-      }
-      maybeVerificationSid.ifPresent(twilioVerificationSid -> {
-        StoredVerificationCode storedVerificationCodeWithVerificationSid = new StoredVerificationCode(
-            storedVerificationCode.getCode(),
-            storedVerificationCode.getTimestamp(),
-            storedVerificationCode.getPushCode(),
-            twilioVerificationSid);
-        pendingAccounts.store(number, storedVerificationCodeWithVerificationSid);
-      });
-    });
-
-    // TODO Remove this meter when external dependencies have been resolved
-    metricRegistry.meter(name(AccountController.class, "create", Util.getCountryCode(number))).mark();
-
     Metrics.counter(ACCOUNT_CREATE_COUNTER_NAME, Tags.of(
             UserAgentTagUtil.getPlatformTag(userAgent),
             Tag.of(COUNTRY_CODE_TAG_NAME, Util.getCountryCode(number)),
             Tag.of(REGION_TAG_NAME, Util.getRegion(number)),
-            Tag.of(VERIFICATION_TRANSPORT_TAG_NAME, transport),
-            Tag.of(VERIFY_EXPERIMENT_TAG_NAME, String.valueOf(enrolledInVerifyExperiment))))
+            Tag.of(VERIFICATION_TRANSPORT_TAG_NAME, transport)))
         .increment();
 
     return Response.ok().build();
@@ -345,9 +390,9 @@ public class AccountController {
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/code/{verification_code}")
   public AccountIdentityResponse verifyAccount(@PathParam("verification_code") String verificationCode,
-                                             @HeaderParam("Authorization") BasicAuthorizationHeader authorizationHeader,
-                                             @HeaderParam("X-Signal-Agent") String signalAgent,
-                                             @HeaderParam("User-Agent") String userAgent,
+                                             @HeaderParam(HttpHeaders.AUTHORIZATION) BasicAuthorizationHeader authorizationHeader,
+                                             @HeaderParam(HeaderUtils.X_SIGNAL_AGENT) String signalAgent,
+                                             @HeaderParam(HttpHeaders.USER_AGENT) String userAgent,
                                              @QueryParam("transfer") Optional<Boolean> availableForTransfer,
                                              @NotNull @Valid AccountAttributes accountAttributes)
       throws RateLimitExceededException, InterruptedException {
@@ -360,18 +405,23 @@ public class AccountController {
     // Note that successful verification depends on being able to find a stored verification code for the given number.
     // We check that numbers are normalized before we store verification codes, and so don't need to re-assert
     // normalization here.
-    Optional<StoredVerificationCode> storedVerificationCode = pendingAccounts.getCodeForNumber(number);
+    final boolean codeVerified = pendingAccounts.getCodeForNumber(number).map(storedVerificationCode ->
+            registrationServiceClient.checkVerificationCode(storedVerificationCode.sessionId(),
+                verificationCode, REGISTRATION_RPC_TIMEOUT).join())
+        .orElse(false);
 
-    if (storedVerificationCode.isEmpty() || !storedVerificationCode.get().isValid(verificationCode)) {
+    if (!codeVerified) {
       throw new WebApplicationException(Response.status(403).build());
     }
 
-    storedVerificationCode.flatMap(StoredVerificationCode::getTwilioVerificationSid)
-        .ifPresent(
-            verificationSid -> smsSender.reportVerificationSucceeded(verificationSid, userAgent, "registration"));
-
     Optional<Account> existingAccount = accounts.getByE164(number);
 
+    existingAccount.ifPresent(account -> {
+      Instant accountLastSeen = Instant.ofEpochMilli(account.getLastSeen());
+      Duration timeSinceLastSeen = Duration.between(accountLastSeen, Instant.now());
+      REREGISTRATION_IDLE_DAYS_DISTRIBUTION.record(timeSinceLastSeen.toDays());
+    });
+
     if (existingAccount.isPresent()) {
       verifyRegistrationLock(existingAccount.get(), accountAttributes.getRegistrationLock());
     }
@@ -390,7 +440,7 @@ public class AccountController {
     Metrics.counter(ACCOUNT_VERIFY_COUNTER_NAME, Tags.of(UserAgentTagUtil.getPlatformTag(userAgent),
             Tag.of(COUNTRY_CODE_TAG_NAME, Util.getCountryCode(number)),
             Tag.of(REGION_TAG_NAME, Util.getRegion(number)),
-            Tag.of(VERIFY_EXPERIMENT_TAG_NAME, String.valueOf(storedVerificationCode.get().getTwilioVerificationSid().isPresent()))))
+            Tag.of(REGION_CODE_TAG_NAME, Util.getRegion(number))))
         .increment();
 
     return new AccountIdentityResponse(account.getUuid(),
@@ -406,7 +456,7 @@ public class AccountController {
   @Produces(MediaType.APPLICATION_JSON)
   public AccountIdentityResponse changeNumber(@Auth final AuthenticatedAccount authenticatedAccount,
       @NotNull @Valid final ChangePhoneNumberRequest request,
-      @HeaderParam("User-Agent") String userAgent)
+      @HeaderParam(HttpHeaders.USER_AGENT) String userAgent)
       throws RateLimitExceededException, InterruptedException, ImpossiblePhoneNumberException, NonNormalizedPhoneNumberException {
 
     if (!authenticatedAccount.getAuthenticatedDevice().isMaster()) {
@@ -421,17 +471,15 @@ public class AccountController {
 
       rateLimiters.getVerifyLimiter().validate(number);
 
-      final Optional<StoredVerificationCode> storedVerificationCode =
-          pendingAccounts.getCodeForNumber(number);
+      final boolean codeVerified = pendingAccounts.getCodeForNumber(number).map(storedVerificationCode ->
+              registrationServiceClient.checkVerificationCode(storedVerificationCode.sessionId(),
+                      request.code(), REGISTRATION_RPC_TIMEOUT).join())
+          .orElse(false);
 
-      if (storedVerificationCode.isEmpty() || !storedVerificationCode.get().isValid(request.code())) {
+      if (!codeVerified) {
         throw new ForbiddenException();
       }
 
-      storedVerificationCode.flatMap(StoredVerificationCode::getTwilioVerificationSid)
-          .ifPresent(
-              verificationSid -> smsSender.reportVerificationSucceeded(verificationSid, userAgent, "changeNumber"));
-
       final Optional<Account> existingAccount = accounts.getByE164(number);
 
       if (existingAccount.isPresent()) {
@@ -597,7 +645,7 @@ public class AccountController {
   @Produces(MediaType.APPLICATION_JSON)
   @ChangesDeviceEnabledState
   public void setAccountAttributes(@Auth DisabledPermittedAuthenticatedAccount disabledPermittedAuth,
-      @HeaderParam("X-Signal-Agent") String userAgent,
+      @HeaderParam(HeaderUtils.X_SIGNAL_AGENT) String userAgent,
       @NotNull @Valid AccountAttributes attributes) {
     Account account = disabledPermittedAuth.getAccount();
     long deviceId = disabledPermittedAuth.getAuthenticatedDevice().getId();
@@ -653,7 +701,7 @@ public class AccountController {
   @Produces(MediaType.APPLICATION_JSON)
   @Consumes(MediaType.APPLICATION_JSON)
   public ReserveUsernameResponse reserveUsername(@Auth AuthenticatedAccount auth,
-      @HeaderParam("X-Signal-Agent") String userAgent,
+      @HeaderParam(HeaderUtils.X_SIGNAL_AGENT) String userAgent,
       @NotNull @Valid ReserveUsernameRequest usernameRequest) throws RateLimitExceededException {
 
     rateLimiters.getUsernameReserveLimiter().validate(auth.getAccount().getUuid());
@@ -675,7 +723,7 @@ public class AccountController {
   @Produces(MediaType.APPLICATION_JSON)
   @Consumes(MediaType.APPLICATION_JSON)
   public UsernameResponse confirmUsername(@Auth AuthenticatedAccount auth,
-      @HeaderParam("X-Signal-Agent") String userAgent,
+      @HeaderParam(HeaderUtils.X_SIGNAL_AGENT) String userAgent,
       @NotNull @Valid ConfirmUsernameRequest confirmRequest) throws RateLimitExceededException {
     rateLimiters.getUsernameSetLimiter().validate(auth.getAccount().getUuid());
 
@@ -699,7 +747,7 @@ public class AccountController {
   @Consumes(MediaType.APPLICATION_JSON)
   public UsernameResponse setUsername(
       @Auth AuthenticatedAccount auth,
-      @HeaderParam("X-Signal-Agent") String userAgent,
+      @HeaderParam(HeaderUtils.X_SIGNAL_AGENT) String userAgent,
       @NotNull @Valid UsernameRequest usernameRequest) throws RateLimitExceededException {
     rateLimiters.getUsernameSetLimiter().validate(auth.getAccount().getUuid());
     checkUsername(usernameRequest.existingUsername(), userAgent);
@@ -721,8 +769,8 @@ public class AccountController {
   @Path("/username/{username}")
   @Produces(MediaType.APPLICATION_JSON)
   public AccountIdentifierResponse lookupUsername(
-      @HeaderParam("X-Signal-Agent") final String userAgent,
-      @HeaderParam("X-Forwarded-For") final String forwardedFor,
+      @HeaderParam(HeaderUtils.X_SIGNAL_AGENT) final String userAgent,
+      @HeaderParam(HttpHeaders.X_FORWARDED_FOR) final String forwardedFor,
       @PathParam("username") final String username,
       @Context final HttpServletRequest request) throws RateLimitExceededException {
 
@@ -745,7 +793,7 @@ public class AccountController {
   @HEAD
   @Path("/account/{uuid}")
   public Response accountExists(
-      @HeaderParam("X-Forwarded-For") final String forwardedFor,
+      @HeaderParam(HttpHeaders.X_FORWARDED_FOR) final String forwardedFor,
       @PathParam("uuid") final UUID uuid,
       @Context HttpServletRequest request) throws RateLimitExceededException {
 
@@ -763,7 +811,7 @@ public class AccountController {
   }
 
   private void rateLimitByClientIp(final RateLimiter rateLimiter, final String forwardedFor) throws RateLimitExceededException {
-    final String mostRecentProxy = ForwardedIpUtil.getMostRecentProxy(forwardedFor)
+    final String mostRecentProxy = HeaderUtils.getMostRecentProxy(forwardedFor)
         .orElseThrow(() -> {
           // Missing/malformed Forwarded-For, so we cannot check for a rate-limit.
           // This shouldn't happen, so conservatively assume we're over the rate-limit
@@ -787,98 +835,87 @@ public class AccountController {
         rateLimiters.getPinLimiter().validate(existingAccount.getNumber());
       }
 
+      final String phoneNumber = existingAccount.getNumber();
+
       if (!existingRegistrationLock.verify(clientRegistrationLock)) {
+        // At this point, the client verified ownership of the phone number but doesn’t have the reglock PIN.
+        // Freezing the existing account credentials will definitively start the reglock timeout.
+        // Until the timeout, the current reglock can still be supplied,
+        // along with phone number verification, to restore access.
+        /* boolean alreadyLocked = existingAccount.hasLockedCredentials();
+        Metrics.counter(LOCKED_ACCOUNT_COUNTER_NAME,
+                LOCK_REASON_TAG_NAME, "verifiedNumberFailedReglock",
+                ALREADY_LOCKED_TAG_NAME, Boolean.toString(alreadyLocked))
+            .increment();
+
+        final Account updatedAccount;
+        if (!alreadyLocked) {
+          updatedAccount = accounts.update(existingAccount, Account::lockAuthenticationCredentials);
+        } else {
+          updatedAccount = existingAccount;
+        }
+
+        List<Long> deviceIds = updatedAccount.getDevices().stream().map(Device::getId).toList();
+        clientPresenceManager.disconnectAllPresences(updatedAccount.getUuid(), deviceIds); */
+
         throw new WebApplicationException(Response.status(423)
             .entity(new RegistrationLockFailure(existingRegistrationLock.getTimeRemaining(),
                 existingRegistrationLock.needsFailureCredentials() ? existingBackupCredentials : null))
             .build());
       }
 
-      rateLimiters.getPinLimiter().clear(existingAccount.getNumber());
+      rateLimiters.getPinLimiter().clear(phoneNumber);
     }
   }
 
-  private CaptchaRequirement requiresCaptcha(String number, String transport, String forwardedFor,
-      String sourceHost,
-      Optional<String> captchaToken,
-      Optional<StoredVerificationCode> storedVerificationCode,
-      Optional<String> pushChallenge,
-      String userAgent)
-  {
+  @VisibleForTesting
+  static boolean pushChallengeMatches(
+      final String number,
+      final Optional<String> pushChallenge,
+      final Optional<StoredVerificationCode> storedVerificationCode) {
+
+    final String countryCode = Util.getCountryCode(number);
+    final String region = Util.getRegion(number);
+    final Optional<String> storedPushChallenge = storedVerificationCode.map(StoredVerificationCode::pushCode);
+
+    final boolean match = Optionals.zipWith(pushChallenge, storedPushChallenge, String::equals).orElse(false);
+
+    Metrics.counter(PUSH_CHALLENGE_COUNTER_NAME,
+            COUNTRY_CODE_TAG_NAME, countryCode,
+            REGION_TAG_NAME, region,
+            REGION_CODE_TAG_NAME, region,
+            CHALLENGE_PRESENT_TAG_NAME, Boolean.toString(pushChallenge.isPresent()),
+            CHALLENGE_MATCH_TAG_NAME, Boolean.toString(match))
+        .increment();
+
+    return match;
+  }
+
+  private boolean requiresCaptcha(String number, String transport, String forwardedFor, String sourceHost, boolean pushChallengeMatch) {
     if (testDevices.containsKey(number)) {
-      return new CaptchaRequirement(false, false);
+      return false;
+    }
+
+    if (!pushChallengeMatch) {
+      return true;
     }
 
     final String countryCode = Util.getCountryCode(number);
     final String region = Util.getRegion(number);
 
-    if (captchaToken.isPresent()) {
-      boolean validToken = recaptchaClient.verify(captchaToken.get(), sourceHost);
-
-      Metrics.counter(CAPTCHA_ATTEMPT_COUNTER_NAME, Tags.of(
-              Tag.of("success", String.valueOf(validToken)),
-              UserAgentTagUtil.getPlatformTag(userAgent),
-              Tag.of(COUNTRY_CODE_TAG_NAME, countryCode),
-              Tag.of(REGION_TAG_NAME, region)))
-          .increment();
-
-      if (validToken) {
-        return new CaptchaRequirement(false, false);
-      } else {
-        return new CaptchaRequirement(true, false);
-      }
-    }
-
-    {
-      final List<Tag> tags = new ArrayList<>();
-      tags.add(Tag.of(COUNTRY_CODE_TAG_NAME, countryCode));
-      tags.add(Tag.of(REGION_TAG_NAME, region));
-
-      try {
-        if (pushChallenge.isPresent()) {
-          tags.add(Tag.of(CHALLENGE_PRESENT_TAG_NAME, "true"));
-
-          Optional<String> storedPushChallenge = storedVerificationCode.map(StoredVerificationCode::getPushCode);
-
-          if (!pushChallenge.get().equals(storedPushChallenge.orElse(null))) {
-            tags.add(Tag.of(CHALLENGE_MATCH_TAG_NAME, "false"));
-            return new CaptchaRequirement(true, false);
-          } else {
-            tags.add(Tag.of(CHALLENGE_MATCH_TAG_NAME, "true"));
-          }
-        } else {
-          tags.add(Tag.of(CHALLENGE_PRESENT_TAG_NAME, "false"));
-
-          return new CaptchaRequirement(true, false);
-        }
-      } finally {
-        Metrics.counter(PUSH_CHALLENGE_COUNTER_NAME, tags).increment();
-      }
-    }
-
     DynamicCaptchaConfiguration captchaConfig = dynamicConfigurationManager.getConfiguration()
         .getCaptchaConfiguration();
 
     boolean countryFiltered = captchaConfig.getSignupCountryCodes().contains(countryCode) ||
         captchaConfig.getSignupRegions().contains(region);
 
-    if (abusiveHostRules.isBlocked(sourceHost)) {
-      blockedHostMeter.mark();
-      logger.info("Blocked host: {}, {}, {} ({})", transport, number, sourceHost, forwardedFor);
-      if (countryFiltered) {
-        // this host was caught in the abusiveHostRules filter, but
-        // would be caught by country filter as well
-        countryFilterApplicable.mark();
-      }
-      return new CaptchaRequirement(true, false);
-    }
-
     try {
       rateLimiters.getSmsVoiceIpLimiter().validate(sourceHost);
     } catch (RateLimitExceededException e) {
       logger.info("Rate limit exceeded: {}, {}, {} ({})", transport, number, sourceHost, forwardedFor);
       rateLimitedHostMeter.mark();
-      return new CaptchaRequirement(true, true);
+
+      return true;
     }
 
     try {
@@ -886,15 +923,16 @@ public class AccountController {
     } catch (RateLimitExceededException e) {
       logger.info("Prefix rate limit exceeded: {}, {}, {} ({})", transport, number, sourceHost, forwardedFor);
       rateLimitedPrefixMeter.mark();
-      return new CaptchaRequirement(true, true);
+
+      return true;
     }
 
     if (countryFiltered) {
       countryFilteredHostMeter.mark();
-      return new CaptchaRequirement(true, false);
+      return true;
     }
 
-    return new CaptchaRequirement(false, false);
+    return false;
   }
 
   @Timed
@@ -913,27 +951,6 @@ public class AccountController {
     }
   }
 
-  private boolean shouldAutoBlock(String sourceHost) {
-    try {
-      rateLimiters.getAutoBlockLimiter().validate(sourceHost);
-    } catch (RateLimitExceededException e) {
-      return true;
-    }
-
-    return false;
-  }
-
-  @VisibleForTesting protected
-  VerificationCode generateVerificationCode(String number) {
-    if (testDevices.containsKey(number)) {
-      return new VerificationCode(testDevices.get(number));
-    }
-
-    SecureRandom random = new SecureRandom();
-    int randomInt       = 100000 + random.nextInt(900000);
-    return new VerificationCode(randomInt);
-  }
-
   private String generatePushChallenge() {
     SecureRandom random    = new SecureRandom();
     byte[]       challenge = new byte[16];
@@ -942,21 +959,22 @@ public class AccountController {
     return Hex.toStringCondensed(challenge);
   }
 
-  private static class CaptchaRequirement {
-    private final boolean captchaRequired;
-    private final boolean autoBlock;
+  private byte[] createRegistrationSession(final Phonenumber.PhoneNumber phoneNumber) throws RateLimitExceededException {
 
-    private CaptchaRequirement(boolean captchaRequired, boolean autoBlock) {
-      this.captchaRequired = captchaRequired;
-      this.autoBlock       = autoBlock;
-    }
+    try {
+      return registrationServiceClient.createRegistrationSession(phoneNumber, REGISTRATION_RPC_TIMEOUT).join();
+    } catch (final CompletionException e) {
+      Throwable cause = e;
 
-    boolean isCaptchaRequired() {
-      return captchaRequired;
-    }
+      while (cause instanceof CompletionException) {
+        cause = cause.getCause();
+      }
 
-    boolean isAutoBlock() {
-      return autoBlock;
+      if (cause instanceof RateLimitExceededException rateLimitExceededException) {
+        throw rateLimitExceededException;
+      }
+
+      throw e;
     }
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArtController.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2013-2022 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.controllers;
+
+import com.codahale.metrics.annotation.Timed;
+import io.dropwizard.auth.Auth;
+import java.util.UUID;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialGenerator;
+import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
+import org.whispersystems.textsecuregcm.limits.RateLimiters;
+
+@Path("/v1/art")
+public class ArtController {
+  private final ExternalServiceCredentialGenerator artServiceCredentialGenerator;
+  private final RateLimiters rateLimiters;
+
+  public ArtController(RateLimiters rateLimiters,
+      ExternalServiceCredentialGenerator artServiceCredentialGenerator) {
+    this.artServiceCredentialGenerator = artServiceCredentialGenerator;
+    this.rateLimiters = rateLimiters;
+  }
+
+  @Timed
+  @GET
+  @Path("/auth")
+  @Produces(MediaType.APPLICATION_JSON)
+  public ExternalServiceCredentials getAuth(@Auth AuthenticatedAccount auth)
+    throws RateLimitExceededException {
+    final UUID uuid = auth.getAccount().getUuid();
+    rateLimiters.getArtPackLimiter().validate(uuid);
+    return artServiceCredentialGenerator.generateFor(uuid.toString());
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java

@@ -24,6 +24,7 @@ import java.util.Optional;
 import java.util.UUID;
 import javax.annotation.Nonnull;
 import javax.ws.rs.BadRequestException;
+import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
@@ -66,14 +67,13 @@ public class CertificateController {
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/delivery")
   public DeliveryCertificate getDeliveryCertificate(@Auth AuthenticatedAccount auth,
-      @QueryParam("includeE164") Optional<Boolean> maybeIncludeE164)
+      @QueryParam("includeE164") @DefaultValue("true") boolean includeE164)
       throws InvalidKeyException {
+
     if (Util.isEmpty(auth.getAccount().getIdentityKey())) {
       throw new WebApplicationException(Response.Status.BAD_REQUEST);
     }
 
-    final boolean includeE164 = maybeIncludeE164.orElse(true);
-
     Metrics.counter(GENERATE_DELIVERY_CERTIFICATE_COUNTER_NAME, INCLUDE_E164_TAG_NAME, String.valueOf(includeE164))
         .increment();
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ChallengeController.java

@@ -8,9 +8,11 @@ package org.whispersystems.textsecuregcm.controllers;
 import static org.whispersystems.textsecuregcm.metrics.MetricsUtil.name;
 
 import com.codahale.metrics.annotation.Timed;
+import com.google.common.net.HttpHeaders;
 import io.dropwizard.auth.Auth;
 import io.micrometer.core.instrument.Metrics;
 import io.micrometer.core.instrument.Tags;
+import java.io.IOException;
 import java.util.NoSuchElementException;
 import javax.validation.Valid;
 import javax.ws.rs.Consumes;
@@ -19,7 +21,6 @@ import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
-import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
@@ -29,7 +30,7 @@ import org.whispersystems.textsecuregcm.entities.AnswerRecaptchaChallengeRequest
 import org.whispersystems.textsecuregcm.limits.RateLimitChallengeManager;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
 import org.whispersystems.textsecuregcm.push.NotPushRegisteredException;
-import org.whispersystems.textsecuregcm.util.ForwardedIpUtil;
+import org.whispersystems.textsecuregcm.util.HeaderUtils;
 
 @Path("/v1/challenge")
 public class ChallengeController {
@@ -49,8 +50,8 @@ public class ChallengeController {
   @Consumes(MediaType.APPLICATION_JSON)
   public Response handleChallengeResponse(@Auth final AuthenticatedAccount auth,
       @Valid final AnswerChallengeRequest answerRequest,
-      @HeaderParam("X-Forwarded-For") final String forwardedFor,
-      @HeaderParam(HttpHeaders.USER_AGENT) final String userAgent) throws RateLimitExceededException {
+      @HeaderParam(HttpHeaders.X_FORWARDED_FOR) final String forwardedFor,
+      @HeaderParam(HttpHeaders.USER_AGENT) final String userAgent) throws RateLimitExceededException, IOException {
 
     Tags tags = Tags.of(UserAgentTagUtil.getPlatformTag(userAgent));
 
@@ -64,7 +65,7 @@ public class ChallengeController {
 
         try {
           final AnswerRecaptchaChallengeRequest recaptchaChallengeRequest = (AnswerRecaptchaChallengeRequest) answerRequest;
-          final String mostRecentProxy = ForwardedIpUtil.getMostRecentProxy(forwardedFor).orElseThrow();
+          final String mostRecentProxy = HeaderUtils.getMostRecentProxy(forwardedFor).orElseThrow();
 
           rateLimitChallengeManager.answerRecaptchaChallenge(auth.getAccount(), recaptchaChallengeRequest.getCaptcha(),
               mostRecentProxy, userAgent);

service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java

@@ -6,6 +6,7 @@ package org.whispersystems.textsecuregcm.controllers;
 
 import com.codahale.metrics.annotation.Timed;
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.net.HttpHeaders;
 import io.dropwizard.auth.Auth;
 import java.security.SecureRandom;
 import java.util.LinkedList;
@@ -47,8 +48,6 @@ import org.whispersystems.textsecuregcm.storage.MessagesManager;
 import org.whispersystems.textsecuregcm.storage.StoredVerificationCodeManager;
 import org.whispersystems.textsecuregcm.util.Util;
 import org.whispersystems.textsecuregcm.util.VerificationCode;
-import org.whispersystems.textsecuregcm.util.ua.UnrecognizedUserAgentException;
-import org.whispersystems.textsecuregcm.util.ua.UserAgentUtil;
 
 @Path("/v1/devices")
 public class DeviceController {
@@ -132,11 +131,9 @@ public class DeviceController {
       throw new WebApplicationException(Response.Status.UNAUTHORIZED);
     }
 
-    VerificationCode       verificationCode       = generateVerificationCode();
-    StoredVerificationCode storedVerificationCode = new StoredVerificationCode(verificationCode.getVerificationCode(),
-                                                                               System.currentTimeMillis(),
-                                                                               null,
-                                                                               null);
+    VerificationCode verificationCode = generateVerificationCode();
+    StoredVerificationCode storedVerificationCode =
+        new StoredVerificationCode(verificationCode.getVerificationCode(), System.currentTimeMillis(), null, null);
 
     pendingDevices.store(account.getNumber(), storedVerificationCode);
 
@@ -150,8 +147,8 @@ public class DeviceController {
   @Path("/{verification_code}")
   @ChangesDeviceEnabledState
   public DeviceResponse verifyDeviceToken(@PathParam("verification_code") String verificationCode,
-      @HeaderParam("Authorization") BasicAuthorizationHeader authorizationHeader,
-      @HeaderParam("User-Agent") String userAgent,
+      @HeaderParam(HttpHeaders.AUTHORIZATION) BasicAuthorizationHeader authorizationHeader,
+      @HeaderParam(HttpHeaders.USER_AGENT) String userAgent,
       @NotNull @Valid AccountAttributes accountAttributes,
       @Context ContainerRequest containerRequest)
       throws RateLimitExceededException, DeviceLimitExceededException {
@@ -189,7 +186,7 @@ public class DeviceController {
     }
 
     final DeviceCapabilities capabilities = accountAttributes.getCapabilities();
-    if (capabilities != null && isCapabilityDowngrade(account.get(), capabilities, userAgent)) {
+    if (capabilities != null && isCapabilityDowngrade(account.get(), capabilities)) {
       throw new WebApplicationException(Response.status(409).build());
     }
 
@@ -237,44 +234,16 @@ public class DeviceController {
     return new VerificationCode(randomInt);
   }
 
-  private boolean isCapabilityDowngrade(Account account, DeviceCapabilities capabilities, String userAgent) {
+  private boolean isCapabilityDowngrade(Account account, DeviceCapabilities capabilities) {
     boolean isDowngrade = false;
 
-    // TODO stories capability
-    // isDowngrade |= account.isStoriesSupported() && !capabilities.isStories();
+    isDowngrade |= account.isStoriesSupported() && !capabilities.isStories();
     isDowngrade |= account.isPniSupported() && !capabilities.isPni();
     isDowngrade |= account.isChangeNumberSupported() && !capabilities.isChangeNumber();
     isDowngrade |= account.isAnnouncementGroupSupported() && !capabilities.isAnnouncementGroup();
     isDowngrade |= account.isSenderKeySupported() && !capabilities.isSenderKey();
-    isDowngrade |= account.isGv1MigrationSupported() && !capabilities.isGv1Migration();
     isDowngrade |= account.isGiftBadgesSupported() && !capabilities.isGiftBadges();
 
-    if (account.isGroupsV2Supported()) {
-      try {
-        switch (UserAgentUtil.parseUserAgentString(userAgent).getPlatform()) {
-          case DESKTOP:
-          case ANDROID: {
-            if (!capabilities.isGv2_3()) {
-              isDowngrade = true;
-            }
-
-            break;
-          }
-
-          case IOS: {
-            if (!capabilities.isGv2_2() && !capabilities.isGv2_3()) {
-              isDowngrade = true;
-            }
-
-            break;
-          }
-        }
-      } catch (final UnrecognizedUserAgentException e) {
-        // If we can't parse the UA string, the client is for sure too old to support groups V2
-        isDowngrade = true;
-      }
-    }
-
     return isDowngrade;
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/DonationController.java

@@ -6,30 +6,13 @@
 package org.whispersystems.textsecuregcm.controllers;
 
 import com.codahale.metrics.annotation.Timed;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import io.dropwizard.auth.Auth;
-import io.dropwizard.util.Strings;
-import java.net.URI;
-import java.net.http.HttpClient.Redirect;
-import java.net.http.HttpClient.Version;
-import java.net.http.HttpRequest;
-import java.net.http.HttpResponse;
-import java.net.http.HttpResponse.BodyHandlers;
-import java.nio.charset.StandardCharsets;
 import java.time.Clock;
-import java.time.Duration;
 import java.time.Instant;
-import java.util.Base64;
-import java.util.HashMap;
-import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
-import java.util.Set;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
-import java.util.concurrent.Executor;
 import java.util.concurrent.ForkJoinPool;
 import java.util.concurrent.ForkJoinPool.ManagedBlocker;
 import java.util.function.Function;
@@ -52,18 +35,11 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
-import org.whispersystems.textsecuregcm.configuration.DonationConfiguration;
-import org.whispersystems.textsecuregcm.configuration.StripeConfiguration;
-import org.whispersystems.textsecuregcm.entities.ApplePayAuthorizationRequest;
-import org.whispersystems.textsecuregcm.entities.ApplePayAuthorizationResponse;
 import org.whispersystems.textsecuregcm.entities.RedeemReceiptRequest;
-import org.whispersystems.textsecuregcm.http.FaultTolerantHttpClient;
-import org.whispersystems.textsecuregcm.http.FormDataBodyPublisher;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.AccountBadge;
 import org.whispersystems.textsecuregcm.storage.AccountsManager;
 import org.whispersystems.textsecuregcm.storage.RedeemedReceiptsManager;
-import org.whispersystems.textsecuregcm.util.SystemMapper;
 
 @Path("/v1/donation")
 public class DonationController {
@@ -80,11 +56,6 @@ public class DonationController {
   private final AccountsManager accountsManager;
   private final BadgesConfiguration badgesConfiguration;
   private final ReceiptCredentialPresentationFactory receiptCredentialPresentationFactory;
-  private final URI uri;
-  private final String apiKey;
-  private final String description;
-  private final Set<String> supportedCurrencies;
-  private final FaultTolerantHttpClient httpClient;
 
   public DonationController(
       @Nonnull final Clock clock,
@@ -92,30 +63,13 @@ public class DonationController {
       @Nonnull final RedeemedReceiptsManager redeemedReceiptsManager,
       @Nonnull final AccountsManager accountsManager,
       @Nonnull final BadgesConfiguration badgesConfiguration,
-      @Nonnull final ReceiptCredentialPresentationFactory receiptCredentialPresentationFactory,
-      @Nonnull final Executor httpClientExecutor,
-      @Nonnull final DonationConfiguration configuration,
-      @Nonnull final StripeConfiguration stripeConfiguration) {
+      @Nonnull final ReceiptCredentialPresentationFactory receiptCredentialPresentationFactory) {
     this.clock = Objects.requireNonNull(clock);
     this.serverZkReceiptOperations = Objects.requireNonNull(serverZkReceiptOperations);
     this.redeemedReceiptsManager = Objects.requireNonNull(redeemedReceiptsManager);
     this.accountsManager = Objects.requireNonNull(accountsManager);
     this.badgesConfiguration = Objects.requireNonNull(badgesConfiguration);
     this.receiptCredentialPresentationFactory = Objects.requireNonNull(receiptCredentialPresentationFactory);
-    this.uri = URI.create(configuration.getUri());
-    this.apiKey = stripeConfiguration.getApiKey();
-    this.description = configuration.getDescription();
-    this.supportedCurrencies = configuration.getSupportedCurrencies();
-    this.httpClient = FaultTolerantHttpClient.newBuilder()
-        .withCircuitBreaker(configuration.getCircuitBreaker())
-        .withRetry(configuration.getRetry())
-        .withVersion(Version.HTTP_2)
-        .withConnectTimeout(Duration.ofSeconds(10))
-        .withRedirect(Redirect.NEVER)
-        .withExecutor(Objects.requireNonNull(httpClientExecutor))
-        .withName("donation")
-        .withSecurityProtocol(FaultTolerantHttpClient.SECURITY_PROTOCOL_TLS_1_3)
-        .build();
   }
 
   @Timed
@@ -188,55 +142,4 @@ public class DonationController {
     }).thenCompose(Function.identity());
   }
 
-  @Timed
-  @POST
-  @Path("/authorize-apple-pay")
-  @Consumes(MediaType.APPLICATION_JSON)
-  @Produces(MediaType.APPLICATION_JSON)
-  public CompletableFuture<Response> getApplePayAuthorization(@Auth AuthenticatedAccount auth, @NotNull @Valid ApplePayAuthorizationRequest request) {
-    if (!supportedCurrencies.contains(request.getCurrency())) {
-      return CompletableFuture.completedFuture(Response.status(422).build());
-    }
-
-    final Map<String, String> formData = new HashMap<>();
-    formData.put("amount", Long.toString(request.getAmount()));
-    formData.put("currency", request.getCurrency());
-    if (!Strings.isNullOrEmpty(description)) {
-      formData.put("description", description);
-    }
-    final HttpRequest httpRequest = HttpRequest.newBuilder()
-        .uri(uri)
-        .POST(FormDataBodyPublisher.of(formData))
-        .header("Authorization", "Basic " + Base64.getEncoder().encodeToString(
-            (apiKey + ":").getBytes(StandardCharsets.UTF_8)))
-        .header("Content-Type", "application/x-www-form-urlencoded")
-        .build();
-    return httpClient.sendAsync(httpRequest, BodyHandlers.ofString())
-        .thenApply(this::processApplePayAuthorizationRemoteResponse);
-  }
-
-  private Response processApplePayAuthorizationRemoteResponse(HttpResponse<String> response) {
-    ObjectMapper mapper = SystemMapper.getMapper();
-
-    if (response.statusCode() >= 200 && response.statusCode() < 300 &&
-        MediaType.APPLICATION_JSON.equalsIgnoreCase(response.headers().firstValue("Content-Type").orElse(null))) {
-      try {
-        final JsonNode jsonResponse = mapper.readTree(response.body());
-        final String id = jsonResponse.get("id").asText(null);
-        final String clientSecret = jsonResponse.get("client_secret").asText(null);
-        if (Strings.isNullOrEmpty(id) || Strings.isNullOrEmpty(clientSecret)) {
-          logger.warn("missing fields in json response in donation controller");
-          return Response.status(500).build();
-        }
-        final String responseJson = mapper.writeValueAsString(new ApplePayAuthorizationResponse(id, clientSecret));
-        return Response.ok(responseJson, MediaType.APPLICATION_JSON_TYPE).build();
-      } catch (JsonProcessingException e) {
-        logger.warn("json processing error in donation controller", e);
-        return Response.status(500).build();
-      }
-    } else {
-      logger.warn("unexpected response code returned to donation controller");
-      return Response.status(500).build();
-    }
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/InvalidDestinationException.java

@@ -1,12 +0,0 @@
-/*
- * Copyright 2013-2020 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.controllers;
-
-public class InvalidDestinationException extends Exception {
-  public InvalidDestinationException(String message) {
-    super(message);
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/controllers/KeepAliveController.java

@@ -10,17 +10,15 @@ import static com.codahale.metrics.MetricRegistry.name;
 import com.codahale.metrics.annotation.Timed;
 import io.dropwizard.auth.Auth;
 import io.micrometer.core.instrument.Metrics;
+import io.micrometer.core.instrument.Tags;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.core.Response;
-import io.micrometer.core.instrument.Tags;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
-import org.whispersystems.textsecuregcm.util.ua.UnrecognizedUserAgentException;
-import org.whispersystems.textsecuregcm.util.ua.UserAgentUtil;
 import org.whispersystems.websocket.session.WebSocketSession;
 import org.whispersystems.websocket.session.WebSocketSessionContext;
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/KeysController.java

@@ -7,6 +7,7 @@ package org.whispersystems.textsecuregcm.controllers;
 import static com.codahale.metrics.MetricRegistry.name;
 
 import com.codahale.metrics.annotation.Timed;
+import com.google.common.net.HttpHeaders;
 import io.dropwizard.auth.Auth;
 import io.micrometer.core.instrument.Metrics;
 import io.micrometer.core.instrument.Tags;
@@ -94,7 +95,7 @@ public class KeysController {
   public void setKeys(@Auth final DisabledPermittedAuthenticatedAccount disabledPermittedAuth,
       @NotNull @Valid final PreKeyState preKeys,
       @QueryParam("identity") final Optional<String> identityType,
-      @HeaderParam("User-Agent") String userAgent) {
+      @HeaderParam(HttpHeaders.USER_AGENT) String userAgent) {
     Account account = disabledPermittedAuth.getAccount();
     Device device = disabledPermittedAuth.getAuthenticatedDevice();
     boolean updateAccount = false;
@@ -151,7 +152,7 @@ public class KeysController {
       @HeaderParam(OptionalAccess.UNIDENTIFIED) Optional<Anonymous> accessKey,
       @PathParam("identifier") UUID targetUuid,
       @PathParam("device_id") String deviceId,
-      @HeaderParam("User-Agent") String userAgent)
+      @HeaderParam(HttpHeaders.USER_AGENT) String userAgent)
       throws RateLimitExceededException {
 
     if (!auth.isPresent() && !accessKey.isPresent()) {

service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2021 Signal Messenger, LLC
+ * Copyright 2013-2022 Signal Messenger, LLC
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 package org.whispersystems.textsecuregcm.controllers;
@@ -8,6 +8,7 @@ import static com.codahale.metrics.MetricRegistry.name;
 
 import com.codahale.metrics.annotation.Timed;
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.net.HttpHeaders;
 import com.google.protobuf.ByteString;
 import io.dropwizard.auth.Auth;
 import io.dropwizard.util.DataSize;
@@ -16,12 +17,14 @@ import io.micrometer.core.instrument.Metrics;
 import io.micrometer.core.instrument.Tag;
 import io.micrometer.core.instrument.Tags;
 import java.security.MessageDigest;
+import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -29,16 +32,20 @@ import java.util.Optional;
 import java.util.Set;
 import java.util.UUID;
 import java.util.concurrent.Callable;
+import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.function.Function;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
 import javax.ws.rs.HeaderParam;
 import javax.ws.rs.POST;
@@ -48,12 +55,16 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.textsecuregcm.abuse.FilterAbusiveMessages;
+import org.whispersystems.textsecuregcm.abuse.ReportSpamTokenHandler;
+import org.whispersystems.textsecuregcm.abuse.ReportSpamTokenProvider;
 import org.whispersystems.textsecuregcm.auth.Anonymous;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.auth.CombinedUnidentifiedSenderAccessKeys;
@@ -71,8 +82,8 @@ import org.whispersystems.textsecuregcm.entities.OutgoingMessageEntity;
 import org.whispersystems.textsecuregcm.entities.OutgoingMessageEntityList;
 import org.whispersystems.textsecuregcm.entities.SendMessageResponse;
 import org.whispersystems.textsecuregcm.entities.SendMultiRecipientMessageResponse;
+import org.whispersystems.textsecuregcm.entities.SpamReport;
 import org.whispersystems.textsecuregcm.entities.StaleDevices;
-import org.whispersystems.textsecuregcm.limits.RateLimitChallengeException;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
 import org.whispersystems.textsecuregcm.metrics.MessageMetrics;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
@@ -93,6 +104,8 @@ import org.whispersystems.textsecuregcm.util.Util;
 import org.whispersystems.textsecuregcm.util.ua.UnrecognizedUserAgentException;
 import org.whispersystems.textsecuregcm.util.ua.UserAgentUtil;
 import org.whispersystems.textsecuregcm.websocket.WebSocketConnection;
+import org.whispersystems.websocket.Stories;
+import reactor.core.scheduler.Schedulers;
 
 @SuppressWarnings("OptionalUsedAsFieldOrParameterType")
 @Path("/v1/messages")
@@ -109,6 +122,8 @@ public class MessageController {
   private final PushNotificationManager pushNotificationManager;
   private final ReportMessageManager reportMessageManager;
   private final ExecutorService multiRecipientMessageExecutor;
+  private final ReportSpamTokenProvider reportSpamTokenProvider;
+  private final ReportSpamTokenHandler reportSpamTokenHandler;
 
   private static final String REJECT_OVERSIZE_MESSAGE_COUNTER = name(MessageController.class, "rejectOversizeMessage");
   private static final String SENT_MESSAGE_COUNTER_NAME = name(MessageController.class, "sentMessages");
@@ -139,7 +154,9 @@ public class MessageController {
       MessagesManager messagesManager,
       PushNotificationManager pushNotificationManager,
       ReportMessageManager reportMessageManager,
-      @Nonnull ExecutorService multiRecipientMessageExecutor) {
+      @Nonnull ExecutorService multiRecipientMessageExecutor,
+      @Nonnull ReportSpamTokenProvider reportSpamTokenProvider,
+      @Nonnull ReportSpamTokenHandler reportSpamTokenHandler) {
     this.rateLimiters = rateLimiters;
     this.messageSender = messageSender;
     this.receiptSender = receiptSender;
@@ -149,6 +166,9 @@ public class MessageController {
     this.pushNotificationManager = pushNotificationManager;
     this.reportMessageManager = reportMessageManager;
     this.multiRecipientMessageExecutor = Objects.requireNonNull(multiRecipientMessageExecutor);
+    this.reportSpamTokenProvider = reportSpamTokenProvider;
+    this.reportSpamTokenHandler = reportSpamTokenHandler;
+
   }
 
   @Timed
@@ -159,13 +179,16 @@ public class MessageController {
   @FilterAbusiveMessages
   public Response sendMessage(@Auth Optional<AuthenticatedAccount> source,
       @HeaderParam(OptionalAccess.UNIDENTIFIED) Optional<Anonymous> accessKey,
-      @HeaderParam("User-Agent") String userAgent,
-      @HeaderParam("X-Forwarded-For") String forwardedFor,
+      @HeaderParam(HttpHeaders.USER_AGENT) String userAgent,
+      @HeaderParam(HttpHeaders.X_FORWARDED_FOR) String forwardedFor,
       @PathParam("destination") UUID destinationUuid,
-      @NotNull @Valid IncomingMessageList messages)
-      throws RateLimitExceededException, RateLimitChallengeException {
+      @QueryParam("story") boolean isStory,
+      @NotNull @Valid IncomingMessageList messages,
+      @Context ContainerRequestContext context
+  )
+      throws RateLimitExceededException {
 
-    if (source.isEmpty() && accessKey.isEmpty()) {
+    if (source.isEmpty() && accessKey.isEmpty() && !isStory) {
       throw new WebApplicationException(Response.Status.UNAUTHORIZED);
     }
 
@@ -181,6 +204,13 @@ public class MessageController {
       senderType = SENDER_TYPE_UNIDENTIFIED;
     }
 
+    final Optional<byte[]> spamReportToken;
+    if (senderType.equals(SENDER_TYPE_IDENTIFIED)) {
+      spamReportToken = reportSpamTokenProvider.makeReportSpamToken(context);
+    } else {
+      spamReportToken = Optional.empty();
+    }
+
     for (final IncomingMessage message : messages.messages()) {
 
       int contentLength = 0;
@@ -205,11 +235,30 @@ public class MessageController {
         destination = source.map(AuthenticatedAccount::getAccount);
       }
 
-      OptionalAccess.verify(source.map(AuthenticatedAccount::getAccount), accessKey, destination);
-      assert (destination.isPresent());
+      // Stories will be checked by the client; we bypass access checks here for stories.
+      if (!isStory) {
+        OptionalAccess.verify(source.map(AuthenticatedAccount::getAccount), accessKey, destination);
+      }
+
+      boolean needsSync = !isSyncMessage && source.isPresent() && source.get().getAccount().getEnabledDeviceCount() > 1;
+
+      // We return 200 when stories are sent to a non-existent account. Since story sends bypass OptionalAccess.verify
+      // we leak information about whether a destination UUID exists if we return any other code (e.g. 404) from
+      // these requests.
+      if (isStory && destination.isEmpty()) {
+        return Response.ok(new SendMessageResponse(needsSync)).build();
+      }
+
+      // if destination is empty we would either throw an exception in OptionalAccess.verify when isStory is false
+      // or else return a 200 response when isStory is true.
+      assert destination.isPresent();
 
       if (source.isPresent() && !isSyncMessage) {
-        checkRateLimit(source.get(), destination.get(), userAgent);
+        checkMessageRateLimit(source.get(), destination.get(), userAgent);
+      }
+
+      if (isStory) {
+        checkStoryRateLimit(destination.get());
       }
 
       final Set<Long> excludedDeviceIds;
@@ -239,12 +288,22 @@ public class MessageController {
 
         if (destinationDevice.isPresent()) {
           Metrics.counter(SENT_MESSAGE_COUNTER_NAME, tags).increment();
-          sendMessage(source, destination.get(), destinationDevice.get(), destinationUuid, messages.timestamp(), messages.online(), messages.urgent(), incomingMessage, userAgent);
+          sendIndividualMessage(
+              source,
+              destination.get(),
+              destinationDevice.get(),
+              destinationUuid,
+              messages.timestamp(),
+              messages.online(),
+              isStory,
+              messages.urgent(),
+              incomingMessage,
+              userAgent,
+              spamReportToken);
         }
       }
 
-      return Response.ok(new SendMessageResponse(
-          !isSyncMessage && source.isPresent() && source.get().getAccount().getEnabledDeviceCount() > 1)).build();
+      return Response.ok(new SendMessageResponse(needsSync)).build();
     } catch (NoSuchUserException e) {
       throw new WebApplicationException(Response.status(404).build());
     } catch (MismatchedDevicesException e) {
@@ -261,6 +320,35 @@ public class MessageController {
     }
   }
 
+
+  /**
+   * Build mapping of accounts to devices/registration IDs.
+   *
+   * @param multiRecipientMessage
+   * @param uuidToAccountMap
+   * @return
+   */
+  private Map<Account, Set<Pair<Long, Integer>>> buildDeviceIdAndRegistrationIdMap(
+      MultiRecipientMessage multiRecipientMessage,
+      Map<UUID, Account> uuidToAccountMap
+  ) {
+
+    return Arrays.stream(multiRecipientMessage.getRecipients())
+        // for normal messages, all recipients UUIDs are in the map,
+        // but story messages might specify inactive UUIDs, which we
+        // have previously filtered
+        .filter(r -> uuidToAccountMap.containsKey(r.getUuid()))
+        .collect(Collectors.toMap(
+            recipient -> uuidToAccountMap.get(recipient.getUuid()),
+            recipient -> new HashSet<>(
+                Collections.singletonList(new Pair<>(recipient.getDeviceId(), recipient.getRegistrationId()))),
+            (a, b) -> {
+              a.addAll(b);
+              return a;
+            }
+        ));
+  }
+
   @Timed
   @Path("/multi_recipient")
   @PUT
@@ -268,43 +356,63 @@ public class MessageController {
   @Produces(MediaType.APPLICATION_JSON)
   @FilterAbusiveMessages
   public Response sendMultiRecipientMessage(
-      @HeaderParam(OptionalAccess.UNIDENTIFIED) CombinedUnidentifiedSenderAccessKeys accessKeys,
-      @HeaderParam("User-Agent") String userAgent,
-      @HeaderParam("X-Forwarded-For") String forwardedFor,
+      @HeaderParam(OptionalAccess.UNIDENTIFIED) @Nullable CombinedUnidentifiedSenderAccessKeys accessKeys,
+      @HeaderParam(HttpHeaders.USER_AGENT) String userAgent,
+      @HeaderParam(HttpHeaders.X_FORWARDED_FOR) String forwardedFor,
       @QueryParam("online") boolean online,
       @QueryParam("ts") long timestamp,
+      @QueryParam("urgent") @DefaultValue("true") final boolean isUrgent,
+      @QueryParam("story") boolean isStory,
       @NotNull @Valid MultiRecipientMessage multiRecipientMessage) {
 
-    Map<UUID, Account> uuidToAccountMap = Arrays.stream(multiRecipientMessage.getRecipients())
-        .map(Recipient::getUuid)
-        .distinct()
-        .collect(Collectors.toUnmodifiableMap(Function.identity(), uuid -> {
-          Optional<Account> account = accountsManager.getByAccountIdentifier(uuid);
-          if (account.isEmpty()) {
-            throw new WebApplicationException(Status.NOT_FOUND);
-          }
-          return account.get();
-        }));
-    checkAccessKeys(accessKeys, uuidToAccountMap);
+    // we skip "missing" accounts when story=true.
+    // otherwise, we return a 404 status code.
+    final Function<UUID, Stream<Account>> accountFinder = uuid -> {
+      Optional<Account> res = accountsManager.getByAccountIdentifier(uuid);
+      if (!isStory && res.isEmpty()) {
+        throw new WebApplicationException(Status.NOT_FOUND);
+      }
+      return res.stream();
+    };
 
-    final Map<Account, HashSet<Pair<Long, Integer>>> accountToDeviceIdAndRegistrationIdMap =
-        Arrays
-            .stream(multiRecipientMessage.getRecipients())
-            .collect(Collectors.toMap(
-                recipient -> uuidToAccountMap.get(recipient.getUuid()),
-                recipient -> new HashSet<>(
-                    Collections.singletonList(new Pair<>(recipient.getDeviceId(), recipient.getRegistrationId()))),
-                (a, b) -> {
-                  a.addAll(b);
-                  return a;
-                }
-            ));
+    // build a map from UUID to accounts
+    Map<UUID, Account> uuidToAccountMap =
+        Arrays.stream(multiRecipientMessage.getRecipients())
+            .map(Recipient::getUuid)
+            .distinct()
+            .flatMap(accountFinder)
+            .collect(Collectors.toUnmodifiableMap(
+                Account::getUuid,
+                Function.identity()));
+
+    // Stories will be checked by the client; we bypass access checks here for stories.
+    if (!isStory) {
+      checkAccessKeys(accessKeys, uuidToAccountMap);
+    }
+
+    final Map<Account, Set<Pair<Long, Integer>>> accountToDeviceIdAndRegistrationIdMap =
+        buildDeviceIdAndRegistrationIdMap(multiRecipientMessage, uuidToAccountMap);
+
+    // We might filter out all the recipients of a story (if none have enabled stories).
+    // In this case there is no error so we should just return 200 now.
+    if (isStory && accountToDeviceIdAndRegistrationIdMap.isEmpty()) {
+      return Response.ok(new SendMultiRecipientMessageResponse(new LinkedList<>())).build();
+    }
 
     Collection<AccountMismatchedDevices> accountMismatchedDevices = new ArrayList<>();
     Collection<AccountStaleDevices> accountStaleDevices = new ArrayList<>();
     uuidToAccountMap.values().forEach(account -> {
-      final Set<Long> deviceIds = accountToDeviceIdAndRegistrationIdMap.get(account).stream().map(Pair::first)
-          .collect(Collectors.toSet());
+
+      if (isStory) {
+        checkStoryRateLimit(account);
+      }
+
+      Set<Long> deviceIds = accountToDeviceIdAndRegistrationIdMap
+        .getOrDefault(account, Collections.emptySet())
+        .stream()
+        .map(Pair::first)
+        .collect(Collectors.toSet());
+
       try {
         DestinationDeviceValidator.validateCompleteDeviceList(account, deviceIds, Collections.emptySet());
 
@@ -352,8 +460,8 @@ public class MessageController {
             Device destinationDevice = destinationAccount.getDevice(recipient.getDeviceId()).orElseThrow();
             sentMessageCounter.increment();
             try {
-              sendMessage(destinationAccount, destinationDevice, timestamp, online, recipient,
-                  multiRecipientMessage.getCommonPayload());
+              sendCommonPayloadMessage(destinationAccount, destinationDevice, timestamp, online, isStory, isUrgent,
+                  recipient, multiRecipientMessage.getCommonPayload());
             } catch (NoSuchUserException e) {
               uuids404.add(destinationAccount.getUuid());
             }
@@ -368,6 +476,10 @@ public class MessageController {
   }
 
   private void checkAccessKeys(CombinedUnidentifiedSenderAccessKeys accessKeys, Map<UUID, Account> uuidToAccountMap) {
+    // We should not have null access keys when checking access; bail out early.
+    if (accessKeys == null) {
+      throw new WebApplicationException(Status.UNAUTHORIZED);
+    }
     AtomicBoolean throwUnauthorized = new AtomicBoolean(false);
     byte[] empty = new byte[16];
     final Optional<byte[]> UNRESTRICTED_UNIDENTIFIED_ACCESS_KEY = Optional.of(new byte[16]);
@@ -405,39 +517,48 @@ public class MessageController {
   @Timed
   @GET
   @Produces(MediaType.APPLICATION_JSON)
-  public OutgoingMessageEntityList getPendingMessages(@Auth AuthenticatedAccount auth,
-      @HeaderParam("User-Agent") String userAgent) {
+  public CompletableFuture<OutgoingMessageEntityList> getPendingMessages(@Auth AuthenticatedAccount auth,
+      @HeaderParam(Stories.X_SIGNAL_RECEIVE_STORIES) String receiveStoriesHeader,
+      @HeaderParam(HttpHeaders.USER_AGENT) String userAgent) {
+
+    boolean shouldReceiveStories = Stories.parseReceiveStoriesHeader(receiveStoriesHeader);
 
     pushNotificationManager.handleMessagesRetrieved(auth.getAccount(), auth.getAuthenticatedDevice(), userAgent);
 
-    final OutgoingMessageEntityList outgoingMessages;
-    {
-      final Pair<List<Envelope>, Boolean> messagesAndHasMore = messagesManager.getMessagesForDevice(
-          auth.getAccount().getUuid(),
-          auth.getAuthenticatedDevice().getId(),
-          false);
+    return messagesManager.getMessagesForDevice(
+            auth.getAccount().getUuid(),
+            auth.getAuthenticatedDevice().getId(),
+            false)
+        .map(messagesAndHasMore -> {
+          Stream<Envelope> envelopes = messagesAndHasMore.first().stream();
+          if (!shouldReceiveStories) {
+            envelopes = envelopes.filter(e -> !e.getStory());
+          }
 
-      outgoingMessages = new OutgoingMessageEntityList(messagesAndHasMore.first().stream()
-          .map(OutgoingMessageEntity::fromEnvelope)
-          .peek(outgoingMessageEntity -> MessageMetrics.measureAccountOutgoingMessageUuidMismatches(auth.getAccount(),
-              outgoingMessageEntity))
-          .collect(Collectors.toList()),
-          messagesAndHasMore.second());
-    }
+          final OutgoingMessageEntityList messages = new OutgoingMessageEntityList(envelopes
+              .map(OutgoingMessageEntity::fromEnvelope)
+              .peek(
+                  outgoingMessageEntity -> MessageMetrics.measureAccountOutgoingMessageUuidMismatches(auth.getAccount(),
+                      outgoingMessageEntity))
+              .collect(Collectors.toList()),
+              messagesAndHasMore.second());
 
-    {
-      String platform;
+          String platform;
 
-      try {
-        platform = UserAgentUtil.parseUserAgentString(userAgent).getPlatform().name().toLowerCase();
-      } catch (final UnrecognizedUserAgentException ignored) {
-        platform = "unrecognized";
-      }
+          try {
+            platform = UserAgentUtil.parseUserAgentString(userAgent).getPlatform().name().toLowerCase();
+          } catch (final UnrecognizedUserAgentException ignored) {
+            platform = "unrecognized";
+          }
 
-      Metrics.summary(OUTGOING_MESSAGE_LIST_SIZE_BYTES_DISTRIBUTION_NAME, "platform", platform).record(estimateMessageListSizeBytes(outgoingMessages));
-    }
+          Metrics.summary(OUTGOING_MESSAGE_LIST_SIZE_BYTES_DISTRIBUTION_NAME, "platform", platform)
+              .record(estimateMessageListSizeBytes(messages));
 
-    return outgoingMessages;
+          return messages;
+        })
+        .timeout(Duration.ofSeconds(5))
+        .subscribeOn(Schedulers.boundedElastic())
+        .toFuture();
   }
 
   private static long estimateMessageListSizeBytes(final OutgoingMessageEntityList messageList) {
@@ -454,32 +575,41 @@ public class MessageController {
   @Timed
   @DELETE
   @Path("/uuid/{uuid}")
-  public void removePendingMessage(@Auth AuthenticatedAccount auth, @PathParam("uuid") UUID uuid) {
-    messagesManager.delete(
-        auth.getAccount().getUuid(),
-        auth.getAuthenticatedDevice().getId(),
-        uuid,
-        null).ifPresent(deletedMessage -> {
+  public CompletableFuture<Void> removePendingMessage(@Auth AuthenticatedAccount auth, @PathParam("uuid") UUID uuid) {
+    return messagesManager.delete(
+            auth.getAccount().getUuid(),
+            auth.getAuthenticatedDevice().getId(),
+            uuid,
+            null)
+        .thenAccept(maybeDeletedMessage -> {
+          maybeDeletedMessage.ifPresent(deletedMessage -> {
 
-      WebSocketConnection.recordMessageDeliveryDuration(deletedMessage.getTimestamp(), auth.getAuthenticatedDevice());
+            WebSocketConnection.recordMessageDeliveryDuration(deletedMessage.getTimestamp(),
+                auth.getAuthenticatedDevice());
 
-      if (deletedMessage.hasSourceUuid() && deletedMessage.getType() != Type.SERVER_DELIVERY_RECEIPT) {
-        try {
-          receiptSender.sendReceipt(
-              UUID.fromString(deletedMessage.getDestinationUuid()), auth.getAuthenticatedDevice().getId(),
-              UUID.fromString(deletedMessage.getSourceUuid()), deletedMessage.getTimestamp());
-        } catch (Exception e) {
-          logger.warn("Failed to send delivery receipt", e);
-        }
-      }
-    });
+            if (deletedMessage.hasSourceUuid() && deletedMessage.getType() != Type.SERVER_DELIVERY_RECEIPT) {
+              try {
+                receiptSender.sendReceipt(
+                    UUID.fromString(deletedMessage.getDestinationUuid()), auth.getAuthenticatedDevice().getId(),
+                    UUID.fromString(deletedMessage.getSourceUuid()), deletedMessage.getTimestamp());
+              } catch (Exception e) {
+                logger.warn("Failed to send delivery receipt", e);
+              }
+            }
+          });
+        });
   }
 
   @Timed
   @POST
+  @Consumes(MediaType.APPLICATION_JSON)
   @Path("/report/{source}/{messageGuid}")
-  public Response reportMessage(@Auth AuthenticatedAccount auth, @PathParam("source") String source,
-      @PathParam("messageGuid") UUID messageGuid) {
+  public Response reportSpamMessage(
+      @Auth AuthenticatedAccount auth,
+      @PathParam("source") String source,
+      @PathParam("messageGuid") UUID messageGuid,
+      @Nullable @Valid SpamReport spamReport
+  ) {
 
     final Optional<String> sourceNumber;
     final Optional<UUID> sourceAci;
@@ -509,31 +639,55 @@ public class MessageController {
       }
     }
 
-    reportMessageManager.report(sourceNumber, sourceAci, sourcePni, messageGuid, auth.getAccount().getUuid());
+    UUID spamReporterUuid = auth.getAccount().getUuid();
+
+    // spam report token is optional, but if provided ensure it is valid base64.
+    byte[] spamReportToken = null;
+    if (spamReport != null) {
+      try {
+        spamReportToken = Base64.getDecoder().decode(spamReport.token());
+      } catch (IllegalArgumentException e) {
+        throw new WebApplicationException(Response.status(400).build());
+      }
+    }
+
+    // fire-and-forget: we don't want to block the response on this action.
+    CompletableFuture<Boolean> ignored =
+      reportSpamTokenHandler.handle(sourceNumber, sourceAci, sourcePni, messageGuid, spamReporterUuid, spamReportToken);
+
+    reportMessageManager.report(sourceNumber, sourceAci, sourcePni, messageGuid, spamReporterUuid);
 
     return Response.status(Status.ACCEPTED)
         .build();
   }
 
-  private void sendMessage(Optional<AuthenticatedAccount> source,
+  private void sendIndividualMessage(
+      Optional<AuthenticatedAccount> source,
       Account destinationAccount,
       Device destinationDevice,
       UUID destinationUuid,
       long timestamp,
       boolean online,
+      boolean story,
       boolean urgent,
       IncomingMessage incomingMessage,
-      String userAgentString)
+      String userAgentString,
+      Optional<byte[]> spamReportToken)
       throws NoSuchUserException {
     try {
       final Envelope envelope;
 
       try {
-        envelope = incomingMessage.toEnvelope(destinationUuid,
-            source.map(AuthenticatedAccount::getAccount).orElse(null),
-            source.map(authenticatedAccount -> authenticatedAccount.getAuthenticatedDevice().getId()).orElse(null),
+        Account sourceAccount = source.map(AuthenticatedAccount::getAccount).orElse(null);
+        Long sourceDeviceId = source.map(account -> account.getAuthenticatedDevice().getId()).orElse(null);
+        envelope = incomingMessage.toEnvelope(
+            destinationUuid,
+            sourceAccount,
+            sourceDeviceId,
             timestamp == 0 ? System.currentTimeMillis() : timestamp,
-            urgent);
+            story,
+            urgent,
+            spamReportToken.orElse(null));
       } catch (final IllegalArgumentException e) {
         logger.warn("Received bad envelope type {} from {}", incomingMessage.type(), userAgentString);
         throw new BadRequestException(e);
@@ -546,10 +700,12 @@ public class MessageController {
     }
   }
 
-  private void sendMessage(Account destinationAccount,
+  private void sendCommonPayloadMessage(Account destinationAccount,
       Device destinationDevice,
       long timestamp,
       boolean online,
+      boolean story,
+      boolean urgent,
       Recipient recipient,
       byte[] commonPayload) throws NoSuchUserException {
     try {
@@ -567,6 +723,8 @@ public class MessageController {
           .setTimestamp(timestamp == 0 ? serverTimestamp : timestamp)
           .setServerTimestamp(serverTimestamp)
           .setContent(ByteString.copyFrom(payload))
+          .setStory(story)
+          .setUrgent(urgent)
           .setDestinationUuid(destinationAccount.getUuid().toString());
 
       messageSender.sendMessage(destinationAccount, destinationDevice, messageBuilder.build(), online);
@@ -579,7 +737,14 @@ public class MessageController {
     }
   }
 
-  private void checkRateLimit(AuthenticatedAccount source, Account destination, String userAgent)
+  private void checkStoryRateLimit(Account destination) {
+    try {
+      rateLimiters.getMessagesLimiter().validate(destination.getUuid());
+    } catch (final RateLimitExceededException e) {
+    }
+  }
+
+  private void checkMessageRateLimit(AuthenticatedAccount source, Account destination, String userAgent)
       throws RateLimitExceededException {
     final String senderCountryCode = Util.getCountryCode(source.getAccount().getNumber());
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ProfileController.java

@@ -317,7 +317,7 @@ public class ProfileController {
       @Auth Optional<AuthenticatedAccount> auth,
       @HeaderParam(OptionalAccess.UNIDENTIFIED) Optional<Anonymous> accessKey,
       @Context ContainerRequestContext containerRequestContext,
-      @HeaderParam("User-Agent") String userAgent,
+      @HeaderParam(HttpHeaders.USER_AGENT) String userAgent,
       @PathParam("identifier") UUID identifier,
       @QueryParam("ca") boolean useCaCertificate)
       throws RateLimitExceededException {
@@ -387,11 +387,32 @@ public class ProfileController {
 
   private void checkFingerprintAndAdd(BatchIdentityCheckRequest.Element element,
       Collection<BatchIdentityCheckResponse.Element> responseElements, MessageDigest md) {
-    accountsManager.getByAccountIdentifier(element.aci()).ifPresent(account -> {
-      if (account.getIdentityKey() == null) return;
+
+    final Optional<Account> maybeAccount;
+    final boolean usePhoneNumberIdentity;
+    if (element.aci() != null) {
+      maybeAccount = accountsManager.getByAccountIdentifier(element.aci());
+      usePhoneNumberIdentity = false;
+    } else {
+      final Optional<Account> maybeAciAccount = accountsManager.getByAccountIdentifier(element.uuid());
+
+      if (maybeAciAccount.isEmpty()) {
+        maybeAccount = accountsManager.getByPhoneNumberIdentifier(element.uuid());
+        usePhoneNumberIdentity = true;
+      } else {
+        maybeAccount = maybeAciAccount;
+        usePhoneNumberIdentity = false;
+      }
+    }
+
+    maybeAccount.ifPresent(account -> {
+      if (account.getIdentityKey() == null || account.getPhoneNumberIdentityKey() == null) {
+        return;
+      }
       byte[] identityKeyBytes;
       try {
-        identityKeyBytes = Base64.getDecoder().decode(account.getIdentityKey());
+        identityKeyBytes = Base64.getDecoder().decode(usePhoneNumberIdentity ? account.getPhoneNumberIdentityKey()
+            : account.getIdentityKey());
       } catch (IllegalArgumentException ignored) {
         return;
       }
@@ -400,7 +421,7 @@ public class ProfileController {
       byte[] fingerprint = Util.truncate(digest, 4);
 
       if (!Arrays.equals(fingerprint, element.fingerprint())) {
-        responseElements.add(new BatchIdentityCheckResponse.Element(element.aci(), identityKeyBytes));
+        responseElements.add(new BatchIdentityCheckResponse.Element(element.aci(), element.uuid(), identityKeyBytes));
       }
     });
   }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/RateLimitExceededException.java

@@ -4,9 +4,9 @@
  */
 package org.whispersystems.textsecuregcm.controllers;
 
-import javax.annotation.Nullable;
 import java.time.Duration;
 import java.util.Optional;
+import javax.annotation.Nullable;
 
 public class RateLimitExceededException extends Exception {
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/RemoteConfigController.java

@@ -41,6 +41,7 @@ import org.whispersystems.textsecuregcm.entities.UserRemoteConfigList;
 import org.whispersystems.textsecuregcm.storage.RemoteConfig;
 import org.whispersystems.textsecuregcm.storage.RemoteConfigsManager;
 import org.whispersystems.textsecuregcm.util.Conversions;
+import org.whispersystems.textsecuregcm.util.Util;
 
 @Path("/v1/config")
 public class RemoteConfigController {
@@ -133,7 +134,7 @@ public class RemoteConfigController {
     digest.update(bb.array());
 
     byte[] hash   = digest.digest(hashKey);
-    int    bucket = (int)(Math.abs(Conversions.byteArrayToLong(hash)) % 100);
+    int    bucket = (int)(Util.ensureNonNegativeLong(Conversions.byteArrayToLong(hash)) % 100);
 
     return bucket < configPercentage;
   }

service/src/main/java/org/whispersystems/textsecuregcm/currency/CoinMarketCapClient.java

@@ -0,0 +1,79 @@
+package org.whispersystems.textsecuregcm.currency;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.google.common.annotations.VisibleForTesting;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.util.SystemMapper;
+import java.io.IOException;
+import java.math.BigDecimal;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.util.Map;
+
+public class CoinMarketCapClient {
+
+  private final HttpClient httpClient;
+  private final String apiKey;
+  private final Map<String, Integer> currencyIdsBySymbol;
+
+  private static final Logger logger = LoggerFactory.getLogger(CoinMarketCapClient.class);
+
+  record CoinMarketCapResponse(@JsonProperty("data") PriceConversionResponse priceConversionResponse) {};
+
+  record PriceConversionResponse(int id, String symbol, Map<String, PriceConversionQuote> quote) {};
+
+  record PriceConversionQuote(BigDecimal price) {};
+
+  public CoinMarketCapClient(final HttpClient httpClient, final String apiKey, final Map<String, Integer> currencyIdsBySymbol) {
+    this.httpClient = httpClient;
+    this.apiKey = apiKey;
+    this.currencyIdsBySymbol = currencyIdsBySymbol;
+  }
+
+  public BigDecimal getSpotPrice(final String currency, final String base) throws IOException {
+    if (!currencyIdsBySymbol.containsKey(currency)) {
+      throw new IllegalArgumentException("No currency ID found for " + currency);
+    }
+
+    final URI quoteUri = URI.create(
+        String.format("https://pro-api.coinmarketcap.com/v2/tools/price-conversion?amount=1&id=%d&convert=%s",
+            currencyIdsBySymbol.get(currency), base));
+
+    try {
+      final HttpResponse<String> response = httpClient.send(HttpRequest.newBuilder()
+              .GET()
+              .uri(quoteUri)
+              .header("X-CMC_PRO_API_KEY", apiKey)
+              .build(),
+          HttpResponse.BodyHandlers.ofString());
+
+      if (response.statusCode() < 200 || response.statusCode() >= 300) {
+        logger.warn("CoinMarketCapRequest failed with response: {}", response);
+        throw new IOException("CoinMarketCap request failed with status code " + response.statusCode());
+      }
+
+      return extractConversionRate(parseResponse(response.body()), base);
+    } catch (final InterruptedException e) {
+      throw new IOException("Interrupted while waiting for a response", e);
+    }
+  }
+
+  @VisibleForTesting
+  static CoinMarketCapResponse parseResponse(final String responseJson) throws JsonProcessingException {
+    return SystemMapper.getMapper().readValue(responseJson, CoinMarketCapResponse.class);
+  }
+
+  @VisibleForTesting
+  static BigDecimal extractConversionRate(final CoinMarketCapResponse response, final String destinationCurrency)
+      throws IOException {
+    if (!response.priceConversionResponse().quote.containsKey(destinationCurrency)) {
+      throw new IOException("Response does not contain conversion rate for " + destinationCurrency);
+    }
+
+    return response.priceConversionResponse().quote.get(destinationCurrency).price();
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/currency/CurrencyConversionManager.java

@@ -1,47 +1,63 @@
 package org.whispersystems.textsecuregcm.currency;
 
 import com.google.common.annotations.VisibleForTesting;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.entities.CurrencyConversionEntity;
-import org.whispersystems.textsecuregcm.entities.CurrencyConversionEntityList;
-import org.whispersystems.textsecuregcm.util.Util;
-
+import io.dropwizard.lifecycle.Managed;
+import io.lettuce.core.SetArgs;
 import java.io.IOException;
 import java.math.BigDecimal;
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
-
-import io.dropwizard.lifecycle.Managed;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.entities.CurrencyConversionEntity;
+import org.whispersystems.textsecuregcm.entities.CurrencyConversionEntityList;
+import org.whispersystems.textsecuregcm.redis.FaultTolerantRedisCluster;
+import org.whispersystems.textsecuregcm.util.Util;
 
 public class CurrencyConversionManager implements Managed {
 
   private static final Logger logger = LoggerFactory.getLogger(CurrencyConversionManager.class);
 
-  private static final long FIXER_INTERVAL = TimeUnit.HOURS.toMillis(2);
-  private static final long FTX_INTERVAL   = TimeUnit.MINUTES.toMillis(5);
+  @VisibleForTesting
+  static final Duration FIXER_REFRESH_INTERVAL = Duration.ofHours(2);
+
+  private static final Duration COIN_MARKET_CAP_REFRESH_INTERVAL = Duration.ofMinutes(5);
+
+  @VisibleForTesting
+  static final String COIN_MARKET_CAP_SHARED_CACHE_CURRENT_KEY = "CurrencyConversionManager::CoinMarketCapCacheCurrent";
+  private static final String COIN_MARKET_CAP_SHARED_CACHE_DATA_KEY = "CurrencyConversionManager::CoinMarketCapCacheData";
 
   private final FixerClient  fixerClient;
-  private final FtxClient    ftxClient;
+  private final CoinMarketCapClient coinMarketCapClient;
+  private final FaultTolerantRedisCluster cacheCluster;
+  private final Clock clock;
+
   private final List<String> currencies;
 
-  private AtomicReference<CurrencyConversionEntityList> cached = new AtomicReference<>(null);
+  private final AtomicReference<CurrencyConversionEntityList> cached = new AtomicReference<>(null);
 
-  private long fixerUpdatedTimestamp;
-  private long ftxUpdatedTimestamp;
+  private Instant fixerUpdatedTimestamp = Instant.MIN;
 
   private Map<String, BigDecimal> cachedFixerValues;
-  private Map<String, BigDecimal> cachedFtxValues;
+  private Map<String, BigDecimal> cachedCoinMarketCapValues;
 
-  public CurrencyConversionManager(FixerClient fixerClient, FtxClient ftxClient, List<String> currencies) {
+  public CurrencyConversionManager(final FixerClient fixerClient,
+      final CoinMarketCapClient coinMarketCapClient,
+      final FaultTolerantRedisCluster cacheCluster,
+      final List<String> currencies,
+      final Clock clock) {
     this.fixerClient = fixerClient;
-    this.ftxClient   = ftxClient;
+    this.coinMarketCapClient = coinMarketCapClient;
+    this.cacheCluster = cacheCluster;
     this.currencies  = currencies;
+    this.clock = clock;
   }
 
   public Optional<CurrencyConversionEntityList> getCurrencyConversions() {
@@ -70,25 +86,55 @@ public class CurrencyConversionManager implements Managed {
 
   @VisibleForTesting
   void updateCacheIfNecessary() throws IOException {
-    if (System.currentTimeMillis() - fixerUpdatedTimestamp > FIXER_INTERVAL || cachedFixerValues == null) {
-      this.cachedFixerValues     = new HashMap<>(fixerClient.getConversionsForBase("USD"));
-      this.fixerUpdatedTimestamp = System.currentTimeMillis();
+    if (Duration.between(fixerUpdatedTimestamp, clock.instant()).abs().compareTo(FIXER_REFRESH_INTERVAL) >= 0 || cachedFixerValues == null) {
+      this.cachedFixerValues = new HashMap<>(fixerClient.getConversionsForBase("USD"));
+      this.fixerUpdatedTimestamp = clock.instant();
     }
 
-    if (System.currentTimeMillis() - ftxUpdatedTimestamp > FTX_INTERVAL || cachedFtxValues == null) {
-      Map<String, BigDecimal> cachedFtxValues = new HashMap<>();
+    {
+      final Map<String, BigDecimal> coinMarketCapValuesFromSharedCache = cacheCluster.withCluster(connection -> {
+        final Map<String, BigDecimal> parsedSharedCacheData = new HashMap<>();
 
-      for (String currency : currencies) {
-        cachedFtxValues.put(currency, ftxClient.getSpotPrice(currency, "USD"));
+        connection.sync().hgetall(COIN_MARKET_CAP_SHARED_CACHE_DATA_KEY).forEach((currency, conversionRate) ->
+            parsedSharedCacheData.put(currency, new BigDecimal(conversionRate)));
+
+        return parsedSharedCacheData;
+      });
+
+      if (coinMarketCapValuesFromSharedCache != null && !coinMarketCapValuesFromSharedCache.isEmpty()) {
+        cachedCoinMarketCapValues = coinMarketCapValuesFromSharedCache;
+      }
+    }
+
+    final boolean shouldUpdateSharedCache = cacheCluster.withCluster(connection ->
+        "OK".equals(connection.sync().set(COIN_MARKET_CAP_SHARED_CACHE_CURRENT_KEY,
+            "true",
+            SetArgs.Builder.nx().ex(COIN_MARKET_CAP_REFRESH_INTERVAL))));
+
+    if (shouldUpdateSharedCache || cachedCoinMarketCapValues == null) {
+      final Map<String, BigDecimal> conversionRatesFromCoinMarketCap = new HashMap<>(currencies.size());
+
+      for (final String currency : currencies) {
+        conversionRatesFromCoinMarketCap.put(currency, coinMarketCapClient.getSpotPrice(currency, "USD"));
       }
 
-      this.cachedFtxValues     = cachedFtxValues;
-      this.ftxUpdatedTimestamp = System.currentTimeMillis();
+      cachedCoinMarketCapValues = conversionRatesFromCoinMarketCap;
+
+      if (shouldUpdateSharedCache) {
+        cacheCluster.useCluster(connection -> {
+          final Map<String, String> sharedCoinMarketCapValues = new HashMap<>();
+
+          cachedCoinMarketCapValues.forEach((currency, conversionRate) ->
+              sharedCoinMarketCapValues.put(currency, conversionRate.toString()));
+
+          connection.sync().hset(COIN_MARKET_CAP_SHARED_CACHE_DATA_KEY, sharedCoinMarketCapValues);
+        });
+      }
     }
 
     List<CurrencyConversionEntity> entities = new LinkedList<>();
 
-    for (Map.Entry<String, BigDecimal> currency : cachedFtxValues.entrySet()) {
+    for (Map.Entry<String, BigDecimal> currency : cachedCoinMarketCapValues.entrySet()) {
       BigDecimal usdValue = stripTrailingZerosAfterDecimal(currency.getValue());
 
       Map<String, BigDecimal> values = new HashMap<>();
@@ -101,8 +147,7 @@ public class CurrencyConversionManager implements Managed {
       entities.add(new CurrencyConversionEntity(currency.getKey(), values));
     }
 
-
-    this.cached.set(new CurrencyConversionEntityList(entities,  ftxUpdatedTimestamp));
+    this.cached.set(new CurrencyConversionEntityList(entities, clock.millis()));
   }
 
   private BigDecimal stripTrailingZerosAfterDecimal(BigDecimal bigDecimal) {
@@ -113,15 +158,4 @@ public class CurrencyConversionManager implements Managed {
       return n;
     }
   }
-
-  @VisibleForTesting
-  void setFixerUpdatedTimestamp(long timestamp) {
-    this.fixerUpdatedTimestamp = timestamp;
-  }
-
-  @VisibleForTesting
-  void setFtxUpdatedTimestamp(long timestamp) {
-    this.ftxUpdatedTimestamp = timestamp;
-  }
-
 }

service/src/main/java/org/whispersystems/textsecuregcm/currency/FtxClient.java

@@ -1,69 +0,0 @@
-package org.whispersystems.textsecuregcm.currency;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import org.whispersystems.textsecuregcm.util.SystemMapper;
-
-import java.io.IOException;
-import java.math.BigDecimal;
-import java.net.URI;
-import java.net.http.HttpClient;
-import java.net.http.HttpRequest;
-import java.net.http.HttpResponse;
-
-public class FtxClient {
-
-  private final HttpClient client;
-
-  public FtxClient(HttpClient client) {
-    this.client = client;
-  }
-
-  public BigDecimal getSpotPrice(String currency, String base) throws FtxException{
-    try {
-      URI uri = URI.create("https://ftx.com/api/markets/" + currency + "/" + base);
-
-      HttpResponse<String> response =  client.send(HttpRequest.newBuilder()
-                                                              .GET()
-                                                              .uri(uri)
-                                                              .build(),
-                                                   HttpResponse.BodyHandlers.ofString());
-
-      if (response.statusCode() < 200 || response.statusCode() >= 300) {
-        throw new FtxException("Bad response: " + response.statusCode() + " " + response.toString());
-      }
-
-      FtxResponse parsedResponse = SystemMapper.getMapper().readValue(response.body(), FtxResponse.class);
-
-      return parsedResponse.result.price;
-
-    } catch (IOException | InterruptedException e) {
-      throw new FtxException(e);
-    }
-  }
-
-  private static class FtxResponse {
-
-    @JsonProperty
-    private FtxResult result;
-
-  }
-
-  private static class FtxResult {
-
-    @JsonProperty
-    private BigDecimal price;
-
-  }
-
-  public static class FtxException extends IOException {
-    public FtxException(String message) {
-      super(message);
-    }
-
-    public FtxException(Exception exception) {
-      super(exception);
-    }
-  }
-
-}

service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountIdentityResponse.java

@@ -5,56 +5,12 @@
 
 package org.whispersystems.textsecuregcm.entities;
 
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import javax.annotation.Nullable;
 import java.util.UUID;
+import javax.annotation.Nullable;
 
-public class AccountIdentityResponse {
-
-  private final UUID uuid;
-  private final String number;
-  private final UUID pni;
-
-  @Nullable
-  private final String username;
-
-  private final boolean storageCapable;
-
-  @JsonCreator
-  public AccountIdentityResponse(
-      @JsonProperty("uuid") final UUID uuid,
-      @JsonProperty("number") final String number,
-      @JsonProperty("pni") final UUID pni,
-      @JsonProperty("username") @Nullable final String username,
-      @JsonProperty("storageCapable") final boolean storageCapable) {
-
-    this.uuid = uuid;
-    this.number = number;
-    this.pni = pni;
-    this.username = username;
-    this.storageCapable = storageCapable;
-  }
-
-  public UUID getUuid() {
-    return uuid;
-  }
-
-  public String getNumber() {
-    return number;
-  }
-
-  public UUID getPni() {
-    return pni;
-  }
-
-  @Nullable
-  public String getUsername() {
-    return username;
-  }
-
-  public boolean isStorageCapable() {
-    return storageCapable;
-  }
+public record AccountIdentityResponse(UUID uuid,
+                                      String number,
+                                      UUID pni,
+                                      @Nullable String username,
+                                      boolean storageCapable) {
 }

service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountMismatchedDevices.java

@@ -15,6 +15,10 @@ public class AccountMismatchedDevices {
   @JsonProperty
   public final MismatchedDevices devices;
 
+  public String toString() {
+    return "AccountMismatchedDevices(" + uuid + ", " + devices + ")";
+  }
+
   public AccountMismatchedDevices(final UUID uuid, final MismatchedDevices devices) {
     this.uuid = uuid;
     this.devices = devices;

service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountStaleDevices.java

@@ -15,6 +15,10 @@ public class AccountStaleDevices {
   @JsonProperty
   public final StaleDevices devices;
 
+  public String toString() {
+    return "AccountStaleDevices(" + uuid + ", " + devices + ")";
+  }
+
   public AccountStaleDevices(final UUID uuid, final StaleDevices devices) {
     this.uuid = uuid;
     this.devices = devices;

service/src/main/java/org/whispersystems/textsecuregcm/entities/ApplePayAuthorizationRequest.java

@@ -1,42 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.entities;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.google.common.annotations.VisibleForTesting;
-import javax.validation.constraints.Min;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.Pattern;
-import javax.validation.constraints.Size;
-
-public class ApplePayAuthorizationRequest {
-
-  private String currency;
-  private long amount;
-
-  @JsonProperty
-  @NotEmpty
-  @Size(min=3, max=3)
-  @Pattern(regexp="[a-z]{3}")
-  public String getCurrency() {
-    return currency;
-  }
-
-  public void setCurrency(final String currency) {
-    this.currency = currency;
-  }
-
-  @JsonProperty
-  @Min(0)
-  public long getAmount() {
-    return amount;
-  }
-
-  @VisibleForTesting
-  public void setAmount(final long amount) {
-    this.amount = amount;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/entities/ApplePayAuthorizationResponse.java

@@ -1,44 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.entities;
-
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import io.dropwizard.util.Strings;
-import javax.validation.constraints.NotEmpty;
-
-public class ApplePayAuthorizationResponse {
-
-  private final String id;
-  private final String clientSecret;
-
-  @JsonCreator
-  public ApplePayAuthorizationResponse(
-      @JsonProperty("id") final String id,
-      @JsonProperty("client_secret") final String clientSecret) {
-    if (Strings.isNullOrEmpty(id)) {
-      throw new IllegalArgumentException("id cannot be empty");
-    }
-    if (Strings.isNullOrEmpty(clientSecret)) {
-      throw new IllegalArgumentException("clientSecret cannot be empty");
-    }
-
-    this.id = id;
-    this.clientSecret = clientSecret;
-  }
-
-  @JsonProperty("id")
-  @NotEmpty
-  public String getId() {
-    return id;
-  }
-
-  @JsonProperty("client_secret")
-  @NotEmpty
-  public String getClientSecret() {
-    return clientSecret;
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/entities/BatchIdentityCheckRequest.java

@@ -7,6 +7,7 @@ package org.whispersystems.textsecuregcm.entities;
 
 import java.util.List;
 import java.util.UUID;
+import javax.annotation.Nullable;
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
@@ -15,11 +16,22 @@ import org.whispersystems.textsecuregcm.util.ExactlySize;
 public record BatchIdentityCheckRequest(@Valid @NotNull @Size(max = 1000) List<Element> elements) {
 
   /**
-   * @param aci         account id
-   * @param fingerprint most significant 4 bytes of SHA-256 of the 33-byte identity key field (32-byte curve25519
-   *                    public key prefixed with 0x05)
+   * @param uuid        account id or phone number id
+   * @param fingerprint most significant 4 bytes of SHA-256 of the 33-byte identity key field (32-byte curve25519 public
+   *                    key prefixed with 0x05)
    */
-  public record Element(@NotNull UUID aci, @NotNull @ExactlySize(4) byte[] fingerprint) {
+  public record Element(@Deprecated @Nullable UUID aci,
+                        @Nullable UUID uuid,
+                        @NotNull @ExactlySize(4) byte[] fingerprint) {
 
+    public Element {
+      if (aci == null && uuid == null) {
+        throw new IllegalArgumentException("aci and uuid cannot both be null");
+      }
+
+      if (aci != null && uuid != null) {
+        throw new IllegalArgumentException("aci and uuid cannot both be non-null");
+      }
+    }
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/entities/BatchIdentityCheckResponse.java

@@ -5,12 +5,28 @@
 
 package org.whispersystems.textsecuregcm.entities;
 
+import com.fasterxml.jackson.annotation.JsonInclude;
 import java.util.List;
 import java.util.UUID;
+import javax.annotation.Nullable;
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 import org.whispersystems.textsecuregcm.util.ExactlySize;
 
 public record BatchIdentityCheckResponse(@Valid List<Element> elements) {
-  public record Element(@NotNull UUID aci, @NotNull @ExactlySize(33) byte[] identityKey) {}
+
+  public record Element(@Deprecated @JsonInclude(JsonInclude.Include.NON_EMPTY) @Nullable UUID aci,
+                        @JsonInclude(JsonInclude.Include.NON_EMPTY) @Nullable UUID uuid,
+                        @NotNull @ExactlySize(33) byte[] identityKey) {
+
+    public Element {
+      if (aci == null && uuid == null) {
+        throw new IllegalArgumentException("aci and uuid cannot both be null");
+      }
+
+      if (aci != null && uuid != null) {
+        throw new IllegalArgumentException("aci and uuid cannot both be non-null");
+      }
+    }
+  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessage.java

@@ -17,7 +17,9 @@ public record IncomingMessage(int type, long destinationDeviceId, int destinatio
       @Nullable Account sourceAccount,
       @Nullable Long sourceDeviceId,
       final long timestamp,
-      final boolean urgent) {
+      final boolean story,
+      final boolean urgent,
+      @Nullable byte[] reportSpamToken) {
 
     final MessageProtos.Envelope.Type envelopeType = MessageProtos.Envelope.Type.forNumber(type());
 
@@ -31,13 +33,19 @@ public record IncomingMessage(int type, long destinationDeviceId, int destinatio
         .setTimestamp(timestamp)
         .setServerTimestamp(System.currentTimeMillis())
         .setDestinationUuid(destinationUuid.toString())
+        .setStory(story)
         .setUrgent(urgent);
 
     if (sourceAccount != null && sourceDeviceId != null) {
-      envelopeBuilder.setSourceUuid(sourceAccount.getUuid().toString())
+      envelopeBuilder
+          .setSourceUuid(sourceAccount.getUuid().toString())
           .setSourceDevice(sourceDeviceId.intValue());
     }
 
+    if (reportSpamToken != null) {
+      envelopeBuilder.setReportSpamToken(ByteString.copyFrom(reportSpamToken));
+    }
+
     if (StringUtils.isNotEmpty(content())) {
       envelopeBuilder.setContent(ByteString.copyFrom(Base64.getDecoder().decode(content())));
     }

service/src/main/java/org/whispersystems/textsecuregcm/entities/MismatchedDevices.java

@@ -21,6 +21,10 @@ public class MismatchedDevices {
   @VisibleForTesting
   public MismatchedDevices() {}
 
+  public String toString() {
+    return "MismatchedDevices(" + missingDevices + ", " + extraDevices + ")";
+  }
+
   public MismatchedDevices(List<Long> missingDevices, List<Long> extraDevices) {
     this.missingDevices = missingDevices;
     this.extraDevices   = extraDevices;

service/src/main/java/org/whispersystems/textsecuregcm/entities/MultiRecipientMessage.java

@@ -5,6 +5,7 @@
 
 package org.whispersystems.textsecuregcm.entities;
 
+import java.util.Arrays;
 import java.util.UUID;
 import javax.validation.Valid;
 import javax.validation.constraints.Max;
@@ -53,6 +54,37 @@ public class MultiRecipientMessage {
     public byte[] getPerRecipientKeyMaterial() {
       return perRecipientKeyMaterial;
     }
+
+    @Override
+    public boolean equals(final Object o) {
+      if (this == o)
+        return true;
+      if (o == null || getClass() != o.getClass())
+        return false;
+
+      Recipient recipient = (Recipient) o;
+
+      if (deviceId != recipient.deviceId)
+        return false;
+      if (registrationId != recipient.registrationId)
+        return false;
+      if (!uuid.equals(recipient.uuid))
+        return false;
+      return Arrays.equals(perRecipientKeyMaterial, recipient.perRecipientKeyMaterial);
+    }
+
+    @Override
+    public int hashCode() {
+      int result = uuid.hashCode();
+      result = 31 * result + (int) (deviceId ^ (deviceId >>> 32));
+      result = 31 * result + registrationId;
+      result = 31 * result + Arrays.hashCode(perRecipientKeyMaterial);
+      return result;
+    }
+
+    public String toString() {
+      return "Recipient(" + uuid + ", " + deviceId + ", " + registrationId + ", " + Arrays.toString(perRecipientKeyMaterial) + ")";
+    }
   }
 
   @NotNull

service/src/main/java/org/whispersystems/textsecuregcm/entities/OutgoingMessageEntity.java

@@ -13,7 +13,7 @@ import javax.annotation.Nullable;
 
 public record OutgoingMessageEntity(UUID guid, int type, long timestamp, @Nullable UUID sourceUuid, int sourceDevice,
                                     UUID destinationUuid, @Nullable UUID updatedPni, byte[] content,
-                                    long serverTimestamp, boolean urgent) {
+                                    long serverTimestamp, boolean urgent, boolean story) {
 
   public MessageProtos.Envelope toEnvelope() {
     final MessageProtos.Envelope.Builder builder = MessageProtos.Envelope.newBuilder()
@@ -22,6 +22,7 @@ public record OutgoingMessageEntity(UUID guid, int type, long timestamp, @Nullab
         .setServerTimestamp(serverTimestamp())
         .setDestinationUuid(destinationUuid().toString())
         .setServerGuid(guid().toString())
+        .setStory(story)
         .setUrgent(urgent);
 
     if (sourceUuid() != null) {
@@ -51,7 +52,8 @@ public record OutgoingMessageEntity(UUID guid, int type, long timestamp, @Nullab
         envelope.hasUpdatedPni() ? UUID.fromString(envelope.getUpdatedPni()) : null,
         envelope.getContent().toByteArray(),
         envelope.getServerTimestamp(),
-        envelope.getUrgent());
+        envelope.getUrgent(),
+        envelope.getStory());
   }
 
   @Override
@@ -63,16 +65,23 @@ public record OutgoingMessageEntity(UUID guid, int type, long timestamp, @Nullab
       return false;
     }
     final OutgoingMessageEntity that = (OutgoingMessageEntity) o;
-    return type == that.type && timestamp == that.timestamp && sourceDevice == that.sourceDevice
-        && serverTimestamp == that.serverTimestamp && guid.equals(that.guid)
-        && Objects.equals(sourceUuid, that.sourceUuid) && destinationUuid.equals(that.destinationUuid)
-        && Objects.equals(updatedPni, that.updatedPni) && Arrays.equals(content, that.content) && urgent == that.urgent;
+    return guid.equals(that.guid) &&
+        type == that.type &&
+        timestamp == that.timestamp &&
+        Objects.equals(sourceUuid, that.sourceUuid) &&
+        sourceDevice == that.sourceDevice &&
+        destinationUuid.equals(that.destinationUuid) &&
+        Objects.equals(updatedPni, that.updatedPni) &&
+        Arrays.equals(content, that.content) &&
+        serverTimestamp == that.serverTimestamp &&
+        urgent == that.urgent &&
+        story == that.story;
   }
 
   @Override
   public int hashCode() {
     int result = Objects.hash(guid, type, timestamp, sourceUuid, sourceDevice, destinationUuid, updatedPni,
-        serverTimestamp, urgent);
+        serverTimestamp, urgent, story);
     result = 31 * result + Arrays.hashCode(content);
     return result;
   }

service/src/main/java/org/whispersystems/textsecuregcm/entities/RegistrationLockFailure.java

@@ -5,32 +5,8 @@
 
 package org.whispersystems.textsecuregcm.entities;
 
-import com.fasterxml.jackson.annotation.JsonIgnore;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 
-public class RegistrationLockFailure {
+public record RegistrationLockFailure(long timeRemaining, ExternalServiceCredentials backupCredentials) {
 
-  @JsonProperty
-  private long timeRemaining;
-
-  @JsonProperty
-  private ExternalServiceCredentials backupCredentials;
-
-  public RegistrationLockFailure() {}
-
-  public RegistrationLockFailure(long timeRemaining, ExternalServiceCredentials backupCredentials) {
-    this.timeRemaining     = timeRemaining;
-    this.backupCredentials = backupCredentials;
-  }
-
-  @JsonIgnore
-  public long getTimeRemaining() {
-    return timeRemaining;
-  }
-
-  @JsonIgnore
-  public ExternalServiceCredentials getBackupCredentials() {
-    return backupCredentials;
-  }
 }

service/src/main/java/org/whispersystems/textsecuregcm/entities/SendMultiRecipientMessageResponse.java

@@ -6,6 +6,7 @@
 package org.whispersystems.textsecuregcm.entities;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import com.google.common.annotations.VisibleForTesting;
 import java.util.List;
 import java.util.UUID;
 
@@ -16,6 +17,15 @@ public class SendMultiRecipientMessageResponse {
   public SendMultiRecipientMessageResponse() {
   }
 
+  public String toString() {
+    return "SendMultiRecipientMessageResponse(" + uuids404 + ")";
+  }
+
+  @VisibleForTesting
+  public List<UUID> getUUIDs404() {
+    return this.uuids404;
+  }
+
   public SendMultiRecipientMessageResponse(final List<UUID> uuids404) {
     this.uuids404 = uuids404;
   }

service/src/main/java/org/whispersystems/textsecuregcm/entities/SpamReport.java

@@ -0,0 +1,7 @@
+package org.whispersystems.textsecuregcm.entities;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import javax.validation.Valid;
+import javax.validation.constraints.NotEmpty;
+
+public record SpamReport(@JsonProperty("token") @NotEmpty String token) {}

service/src/main/java/org/whispersystems/textsecuregcm/entities/StaleDevices.java

@@ -16,6 +16,10 @@ public class StaleDevices {
 
   public StaleDevices() {}
 
+  public String toString() {
+    return "StaleDevices(" + staleDevices + ")";
+  }
+
   public StaleDevices(List<Long> staleDevices) {
     this.staleDevices = staleDevices;
   }

service/src/main/java/org/whispersystems/textsecuregcm/entities/UserCapabilities.java

@@ -8,85 +8,30 @@ package org.whispersystems.textsecuregcm.entities;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import org.whispersystems.textsecuregcm.storage.Account;
 
-public class UserCapabilities {
+public record UserCapabilities(
+    @JsonProperty("gv1-migration") boolean gv1Migration,
+    boolean senderKey,
+    boolean announcementGroup,
+    boolean changeNumber,
+    boolean stories,
+    boolean giftBadges,
+    boolean paymentActivation,
+    boolean pni) {
 
   public static UserCapabilities createForAccount(Account account) {
     return new UserCapabilities(
-        account.isGroupsV2Supported(),
-        account.isGv1MigrationSupported(),
+        true,
         account.isSenderKeySupported(),
         account.isAnnouncementGroupSupported(),
         account.isChangeNumberSupported(),
         account.isStoriesSupported(),
-        account.isGiftBadgesSupported());
-  }
+        account.isGiftBadgesSupported(),
 
-  @JsonProperty
-  private boolean gv2;
+        // Hardcode payment activation flag to false until all clients support the flow
+        false,
 
-  @JsonProperty("gv1-migration")
-  private boolean gv1Migration;
-
-  @JsonProperty
-  private boolean senderKey;
-
-  @JsonProperty
-  private boolean announcementGroup;
-
-  @JsonProperty
-  private boolean changeNumber;
-
-  @JsonProperty
-  private boolean stories;
-
-  @JsonProperty
-  private boolean giftBadges;
-
-  public UserCapabilities() {
-  }
-
-  public UserCapabilities(final boolean gv2,
-      boolean gv1Migration,
-      final boolean senderKey,
-      final boolean announcementGroup,
-      final boolean changeNumber,
-      final boolean stories,
-      final boolean giftBadges) {
-
-    this.gv2 = gv2;
-    this.gv1Migration = gv1Migration;
-    this.senderKey = senderKey;
-    this.announcementGroup = announcementGroup;
-    this.changeNumber = changeNumber;
-    this.stories = stories;
-    this.giftBadges = giftBadges;
-  }
-
-  public boolean isGv2() {
-    return gv2;
-  }
-
-  public boolean isGv1Migration() {
-    return gv1Migration;
-  }
-
-  public boolean isSenderKey() {
-    return senderKey;
-  }
-
-  public boolean isAnnouncementGroup() {
-    return announcementGroup;
-  }
-
-  public boolean isChangeNumber() {
-    return changeNumber;
-  }
-
-  public boolean isStories() {
-    return stories;
-  }
-
-  public boolean isGiftBadges() {
-    return giftBadges;
+        // Although originally intended to indicate that clients support phone number identifiers, the scope of this
+        // flag has expanded to cover phone number privacy in general
+        account.isPniSupported());
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/filters/ContentLengthFilter.java

@@ -1,37 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.filters;
-
-import static com.codahale.metrics.MetricRegistry.name;
-
-import io.micrometer.core.instrument.Metrics;
-import java.io.IOException;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.metrics.TrafficSource;
-
-public class ContentLengthFilter implements ContainerRequestFilter {
-
-  private static final String CONTENT_LENGTH_DISTRIBUTION_NAME = name(ContentLengthFilter.class, "contentLength");
-
-  private static final Logger logger = LoggerFactory.getLogger(ContentLengthFilter.class);
-  private final TrafficSource trafficSource;
-
-  public ContentLengthFilter(final TrafficSource trafficeSource) {
-    this.trafficSource = trafficeSource;
-  }
-
-  @Override
-  public void filter(final ContainerRequestContext requestContext) throws IOException {
-    try {
-      Metrics.summary(CONTENT_LENGTH_DISTRIBUTION_NAME, "trafficSource", trafficSource.name().toLowerCase()).record(requestContext.getLength());
-    } catch (final Exception e) {
-      logger.warn("Error recording content length", e);
-    }
-  }
-}

service/src/main/java/org/whispersystems/textsecuregcm/filters/RemoteDeprecationFilter.java

@@ -7,6 +7,7 @@ package org.whispersystems.textsecuregcm.filters;
 
 import static com.codahale.metrics.MetricRegistry.name;
 
+import com.google.common.net.HttpHeaders;
 import com.vdurmont.semver4j.Semver;
 import io.micrometer.core.instrument.Metrics;
 import java.io.IOException;
@@ -63,7 +64,7 @@ public class RemoteDeprecationFilter implements Filter {
     boolean shouldBlock = false;
 
     try {
-      final String userAgentString = ((HttpServletRequest) request).getHeader("User-Agent");
+      final String userAgentString = ((HttpServletRequest) request).getHeader(HttpHeaders.USER_AGENT);
       final UserAgent userAgent = UserAgentUtil.parseUserAgentString(userAgentString);
 
       if (blockedVersionsByPlatform.containsKey(userAgent.getPlatform())) {

service/src/main/java/org/whispersystems/textsecuregcm/filters/RequestStatisticsFilter.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.filters;
+
+import static com.codahale.metrics.MetricRegistry.name;
+import static java.util.Objects.requireNonNull;
+
+import com.google.common.net.HttpHeaders;
+import com.google.common.net.InetAddresses;
+import io.micrometer.core.instrument.Metrics;
+import java.io.IOException;
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import javax.annotation.Nonnull;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.metrics.TrafficSource;
+import org.whispersystems.textsecuregcm.util.HeaderUtils;
+
+public class RequestStatisticsFilter implements ContainerRequestFilter {
+
+  private static final Logger logger = LoggerFactory.getLogger(RequestStatisticsFilter.class);
+
+  private static final String CONTENT_LENGTH_DISTRIBUTION_NAME = name(RequestStatisticsFilter.class, "contentLength");
+
+  private static final String IP_VERSION_METRIC = name(RequestStatisticsFilter.class, "ipVersion");
+
+  private static final String TRAFFIC_SOURCE_TAG = "trafficSource";
+
+  private static final String IP_VERSION_TAG = "ipVersion";
+
+  @Nonnull
+  private final String trafficSourceTag;
+
+
+  public RequestStatisticsFilter(@Nonnull final TrafficSource trafficeSource) {
+    this.trafficSourceTag = requireNonNull(trafficeSource).name().toLowerCase();
+  }
+
+  @Override
+  public void filter(final ContainerRequestContext requestContext) throws IOException {
+    try {
+      Metrics.summary(CONTENT_LENGTH_DISTRIBUTION_NAME, TRAFFIC_SOURCE_TAG, trafficSourceTag)
+          .record(requestContext.getLength());
+      Metrics.counter(IP_VERSION_METRIC, TRAFFIC_SOURCE_TAG, trafficSourceTag, IP_VERSION_TAG, resolveIpVersion(requestContext))
+          .increment();
+    } catch (final Exception e) {
+      logger.warn("Error recording request statistics", e);
+    }
+  }
+
+  @Nonnull
+  private static String resolveIpVersion(@Nonnull final ContainerRequestContext ctx) {
+    return HeaderUtils.getMostRecentProxy(ctx.getHeaderString(HttpHeaders.X_FORWARDED_FOR))
+        .map(ipString -> {
+              try {
+                //noinspection UnstableApiUsage
+                final InetAddress addr = InetAddresses.forString(ipString);
+                if (addr instanceof Inet4Address) {
+                  return "IPv4";
+                }
+                if (addr instanceof Inet6Address) {
+                  return "IPv6";
+                }
+              } catch (IllegalArgumentException e) {
+                // ignore illegal argument exception
+              }
+              return null;
+            })
+        .orElse("unresolved");
+  }
+}

service/src/main/java/org/whispersystems/textsecuregcm/filters/TimestampResponseFilter.java

@@ -5,11 +5,10 @@
 
 package org.whispersystems.textsecuregcm.filters;
 
-import org.whispersystems.textsecuregcm.util.TimestampHeaderUtil;
-
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerResponseContext;
 import javax.ws.rs.container.ContainerResponseFilter;
+import org.whispersystems.textsecuregcm.util.HeaderUtils;
 
 /**
  * Injects a timestamp header into all outbound responses.
@@ -18,6 +17,6 @@ public class TimestampResponseFilter implements ContainerResponseFilter {
 
     @Override
     public void filter(final ContainerRequestContext requestContext, final ContainerResponseContext responseContext) {
-        responseContext.getHeaders().add(TimestampHeaderUtil.TIMESTAMP_HEADER, System.currentTimeMillis());
+        responseContext.getHeaders().add(HeaderUtils.TIMESTAMP_HEADER, System.currentTimeMillis());
     }
 }

service/src/main/java/org/whispersystems/textsecuregcm/http/FaultTolerantHttpClient.java

@@ -135,7 +135,7 @@ public class FaultTolerantHttpClient {
       return this;
     }
 
-    public Builder withTrustedServerCertificate(final String certificatePem) throws CertificateException {
+    public Builder withTrustedServerCertificates(final String... certificatePem) throws CertificateException {
       this.trustStore = CertificateUtil.buildKeyStoreForPem(certificatePem);
       return this;
     }

service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimitChallengeException.java

@@ -1,29 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.limits;
-
-import java.time.Duration;
-import org.whispersystems.textsecuregcm.storage.Account;
-
-public class RateLimitChallengeException extends Exception {
-
-  private final Account account;
-  private final Duration retryAfter;
-
-  public RateLimitChallengeException(final Account account, final Duration retryAfter) {
-    this.account = account;
-    this.retryAfter = retryAfter;
-  }
-
-  public Account getAccount() {
-    return account;
-  }
-
-  public Duration getRetryAfter() {
-    return retryAfter;
-  }
-
-}

service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimitChallengeManager.java

@@ -5,22 +5,22 @@ import static com.codahale.metrics.MetricRegistry.name;
 import io.micrometer.core.instrument.Metrics;
 import io.micrometer.core.instrument.Tag;
 import io.micrometer.core.instrument.Tags;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import org.whispersystems.textsecuregcm.abuse.RateLimitChallengeListener;
+import org.whispersystems.textsecuregcm.captcha.CaptchaChecker;
 import org.whispersystems.textsecuregcm.controllers.RateLimitExceededException;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
 import org.whispersystems.textsecuregcm.push.NotPushRegisteredException;
-import org.whispersystems.textsecuregcm.recaptcha.RecaptchaClient;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.util.Util;
 
 public class RateLimitChallengeManager {
 
   private final PushChallengeManager pushChallengeManager;
-  private final RecaptchaClient recaptchaClient;
-
+  private final CaptchaChecker captchaChecker;
   private final DynamicRateLimiters rateLimiters;
 
   private final List<RateLimitChallengeListener> rateLimitChallengeListeners =
@@ -34,11 +34,11 @@ public class RateLimitChallengeManager {
 
   public RateLimitChallengeManager(
       final PushChallengeManager pushChallengeManager,
-      final RecaptchaClient recaptchaClient,
+      final CaptchaChecker captchaChecker,
       final DynamicRateLimiters rateLimiters) {
 
     this.pushChallengeManager = pushChallengeManager;
-    this.recaptchaClient = recaptchaClient;
+    this.captchaChecker = captchaChecker;
     this.rateLimiters = rateLimiters;
   }
 
@@ -58,11 +58,11 @@ public class RateLimitChallengeManager {
   }
 
   public void answerRecaptchaChallenge(final Account account, final String captcha, final String mostRecentProxyIp, final String userAgent)
-      throws RateLimitExceededException {
+      throws RateLimitExceededException, IOException {
 
     rateLimiters.getRecaptchaChallengeAttemptLimiter().validate(account.getUuid());
 
-    final boolean challengeSuccess = recaptchaClient.verify(captcha, mostRecentProxyIp);
+    final boolean challengeSuccess = captchaChecker.verify(captcha, mostRecentProxyIp).valid();
 
     final Tags tags = Tags.of(
         Tag.of(SOURCE_COUNTRY_TAG_NAME, Util.getCountryCode(account.getNumber())),

service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimiters.java

@@ -15,7 +15,6 @@ public class RateLimiters {
   private final RateLimiter voiceDestinationDailyLimiter;
   private final RateLimiter smsVoiceIpLimiter;
   private final RateLimiter smsVoicePrefixLimiter;
-  private final RateLimiter autoBlockLimiter;
   private final RateLimiter verifyLimiter;
   private final RateLimiter pinLimiter;
 
@@ -30,6 +29,8 @@ public class RateLimiters {
 
   private final RateLimiter profileLimiter;
   private final RateLimiter stickerPackLimiter;
+
+  private final RateLimiter artPackLimiter;
   private final RateLimiter usernameLookupLimiter;
   private final RateLimiter usernameSetLimiter;
 
@@ -37,6 +38,8 @@ public class RateLimiters {
 
   private final RateLimiter checkAccountExistenceLimiter;
 
+  private final RateLimiter storiesLimiter;
+
   public RateLimiters(RateLimitsConfiguration config, FaultTolerantRedisCluster cacheCluster) {
     this.smsDestinationLimiter = new RateLimiter(cacheCluster, "smsDestination",
                                                  config.getSmsDestination().getBucketSize(),
@@ -58,10 +61,6 @@ public class RateLimiters {
                                                  config.getSmsVoicePrefix().getBucketSize(),
                                                  config.getSmsVoicePrefix().getLeakRatePerMinute());
 
-    this.autoBlockLimiter = new RateLimiter(cacheCluster, "autoBlock",
-                                            config.getAutoBlock().getBucketSize(),
-                                            config.getAutoBlock().getLeakRatePerMinute());
-
     this.verifyLimiter = new LockingRateLimiter(cacheCluster, "verify",
                                                 config.getVerifyNumber().getBucketSize(),
                                                 config.getVerifyNumber().getLeakRatePerMinute());
@@ -102,6 +101,10 @@ public class RateLimiters {
                                               config.getStickerPack().getBucketSize(),
                                               config.getStickerPack().getLeakRatePerMinute());
 
+    this.artPackLimiter = new RateLimiter(cacheCluster, "artPack",
+        config.getArtPack().getBucketSize(),
+        config.getArtPack().getLeakRatePerMinute());
+
     this.usernameLookupLimiter = new RateLimiter(cacheCluster, "usernameLookup",
                                                  config.getUsernameLookup().getBucketSize(),
                                                  config.getUsernameLookup().getLeakRatePerMinute());
@@ -118,6 +121,10 @@ public class RateLimiters {
     this.checkAccountExistenceLimiter = new RateLimiter(cacheCluster, "checkAccountExistence",
         config.getCheckAccountExistence().getBucketSize(),
         config.getCheckAccountExistence().getLeakRatePerMinute());
+
+    this.storiesLimiter = new RateLimiter(cacheCluster, "stories",
+        config.getStories().getBucketSize(),
+        config.getStories().getLeakRatePerMinute());
   }
 
   public RateLimiter getAllocateDeviceLimiter() {
@@ -152,10 +159,6 @@ public class RateLimiters {
     return smsVoicePrefixLimiter;
   }
 
-  public RateLimiter getAutoBlockLimiter() {
-    return autoBlockLimiter;
-  }
-
   public RateLimiter getVoiceDestinationLimiter() {
     return voiceDestinationLimiter;
   }
@@ -184,6 +187,10 @@ public class RateLimiters {
     return stickerPackLimiter;
   }
 
+  public RateLimiter getArtPackLimiter() {
+    return artPackLimiter;
+  }
+
   public RateLimiter getUsernameLookupLimiter() {
     return usernameLookupLimiter;
   }
@@ -199,4 +206,6 @@ public class RateLimiters {
   public RateLimiter getCheckAccountExistenceLimiter() {
     return checkAccountExistenceLimiter;
   }
+
+  public RateLimiter getStoriesLimiter() { return storiesLimiter; }
 }

service/src/main/java/org/whispersystems/textsecuregcm/mappers/CompletionExceptionMapper.java

@@ -5,7 +5,9 @@
 
 package org.whispersystems.textsecuregcm.mappers;
 
+import java.util.Optional;
 import java.util.concurrent.CompletionException;
+import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.ExceptionMapper;
@@ -23,8 +25,25 @@ public class CompletionExceptionMapper implements ExceptionMapper<CompletionExce
     final Throwable cause = exception.getCause();
 
     if (cause != null) {
+
       final Class type = cause.getClass();
-      return providers.getExceptionMapper(type).toResponse(cause);
+      final ExceptionMapper exceptionMapper = providers.getExceptionMapper(type);
+
+      // some exception mappers, like LoggingExceptionMapper, have side effects (e.g., logging)
+      // so we always build their response…
+      final Response exceptionMapperResponse = exceptionMapper.toResponse(cause);
+
+      final Optional<Response> webApplicationExceptionResponse;
+      if (cause instanceof WebApplicationException webApplicationException) {
+        webApplicationExceptionResponse = Optional.of(webApplicationException.getResponse());
+      } else {
+        webApplicationExceptionResponse = Optional.empty();
+      }
+
+      // …but if the exception was a WebApplicationException, and provides an entity, we want to keep it
+      return webApplicationExceptionResponse
+          .filter(Response::hasEntity)
+          .orElse(exceptionMapperResponse);
     }
 
     return Response.serverError().build();