Refactor to CensorshipCircumvention and Meek classes. Use Meek domain fronting when requesting bridges in frontend

cli/onionshare_cli/__init__.py

@@ -28,6 +28,7 @@ from datetime import timedelta
 
 from .common import Common, CannotFindTor
 from .censorship import CensorshipCircumvention
+from .meek import Meek, MeekNotRunning
 from .web import Web
 from .onion import TorErrorProtocolError, TorTooOldEphemeral, TorTooOldStealth, Onion
 from .onionshare import OnionShare
@@ -284,6 +285,18 @@ def main(cwd=None):
     # Create the Web object
     web = Web(common, False, mode_settings, mode)
 
+    # Create the Meek object and start the meek client
+    meek = Meek(common)
+    meek.start()
+
+    # Create the CensorshipCircumvention object to make
+    # API calls to Tor over Meek
+    censorship = CensorshipCircumvention(common, meek)
+    # Example: request recommended bridges, pretending to be from China, using
+    # domain fronting.
+    # censorship_recommended_settings = censorship.request_settings(country="cn")
+    # print(censorship_recommended_settings)
+
     # Start the Onion object
     try:
         onion = Onion(common, use_tmp_dir=True)

cli/onionshare_cli/censorship.py

@@ -18,77 +18,30 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 import requests
-import subprocess
+
+from .meek import MeekNotRunning
 
 
-class CensorshipCircumvention:
+class CensorshipCircumvention(object):
     """
-    The CensorShipCircumvention object contains methods to detect
-    and offer solutions to censorship when connecting to Tor.
+    Connect to the Tor Moat APIs to retrieve censorship
+    circumvention recommendations, over the Meek client.
     """
 
-    def __init__(self, common):
-
+    def __init__(self, common, meek, domain_fronting=True):
+        """
+        Set up the CensorshipCircumvention object to hold
+        common and meek objects.
+        """
         self.common = common
+        self.meek = meek
         self.common.log("CensorshipCircumvention", "__init__")
 
-        get_tor_paths = self.common.get_tor_paths
-        (
-            self.tor_path,
-            self.tor_geo_ip_file_path,
-            self.tor_geo_ipv6_file_path,
-            self.obfs4proxy_file_path,
-            self.meek_client_file_path,
-        ) = get_tor_paths()
+        # Bail out if we requested domain fronting but we can't use meek
+        if domain_fronting and not self.meek.meek_proxies:
+            raise MeekNotRunning()
 
-        meek_url = "https://moat.torproject.org.global.prod.fastly.net/"
-        meek_front = "cdn.sstatic.net"
-        meek_env = {
-            "TOR_PT_MANAGED_TRANSPORT_VER": "1",
-            "TOR_PT_CLIENT_TRANSPORTS": "meek",
-        }
-
-        # @TODO detect the port from the subprocess output
-        meek_address = "127.0.0.1"
-        meek_port = "43533"  # hardcoded for testing
-        self.meek_proxies = {
-            "http": f"socks5h://{meek_address}:{meek_port}",
-            "https": f"socks5h://{meek_address}:{meek_port}",
-        }
-
-        # Start the Meek Client as a subprocess.
-        # This will be used to do domain fronting to the Tor
-        # Moat API endpoints for censorship circumvention as
-        # well as BridgeDB lookups.
-
-        if self.common.platform == "Windows":
-            # In Windows, hide console window when opening tor.exe subprocess
-            startupinfo = subprocess.STARTUPINFO()
-            startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
-            self.meek_proc = subprocess.Popen(
-                [self.meek_client_file_path, "--url", meek_url, "--front", meek_front],
-                stdout=subprocess.PIPE,
-                startupinfo=startupinfo,
-                bufsize=1,
-                env=meek_env,
-                text=True,
-            )
-        else:
-            self.meek_proc = subprocess.Popen(
-                [self.meek_client_file_path, "--url", meek_url, "--front", meek_front],
-                stdout=subprocess.PIPE,
-                bufsize=1,
-                env=meek_env,
-                text=True,
-            )
-
-            # if "CMETHOD meek socks5" in line:
-            #    self.meek_host = (line.split(" ")[3].split(":")[0])
-            #    self.meek_port = (line.split(" ")[3].split(":")[1])
-            #    self.common.log("CensorshipCircumvention", "__init__", f"Meek host is {self.meek_host}")
-            #    self.common.log("CensorshipCircumvention", "__init__", f"Meek port is {self.meek_port}")
-
-    def censorship_obtain_map(self, country=False):
+    def request_map(self, country=False):
         """
         Retrieves the Circumvention map from Tor Project and store it
         locally for further look-ups if required.
@@ -108,7 +61,7 @@ class CensorshipCircumvention:
             endpoint,
             json=data,
             headers={"Content-Type": "application/vnd.api+json"},
-            proxies=self.meek_proxies,
+            proxies=self.meek.meek_proxies,
         )
         if r.status_code != 200:
             self.common.log(
@@ -130,7 +83,7 @@ class CensorshipCircumvention:
 
         return result
 
-    def censorship_obtain_settings(self, country=False, transports=False):
+    def request_settings(self, country=False, transports=False):
         """
         Retrieves the Circumvention Settings from Tor Project, which
         will return recommended settings based on the country code of
@@ -152,7 +105,7 @@ class CensorshipCircumvention:
             endpoint,
             json=data,
             headers={"Content-Type": "application/vnd.api+json"},
-            proxies=self.meek_proxies,
+            proxies=self.meek.meek_proxies,
         )
         if r.status_code != 200:
             self.common.log(
@@ -185,7 +138,7 @@ class CensorshipCircumvention:
 
         return result
 
-    def censorship_obtain_builtin_bridges(self):
+    def request_builtin_bridges(self):
         """
         Retrieves the list of built-in bridges from the Tor Project.
         """
@@ -193,7 +146,7 @@ class CensorshipCircumvention:
         r = requests.post(
             endpoint,
             headers={"Content-Type": "application/vnd.api+json"},
-            proxies=self.meek_proxies,
+            proxies=self.meek.meek_proxies,
         )
         if r.status_code != 200:
             self.common.log(

cli/onionshare_cli/meek.py

@@ -0,0 +1,144 @@
+# -*- coding: utf-8 -*-
+"""
+OnionShare | https://onionshare.org/
+
+Copyright (C) 2014-2021 Micah Lee, et al. <micah@micahflee.com>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+import subprocess
+from queue import Queue, Empty
+from threading import Thread
+
+
+class Meek(object):
+    """
+    The Meek object starts the meek-client as a subprocess.
+    This process is used to do domain-fronting to connect to
+    the Tor APIs for censorship circumvention and retrieving
+    bridges, before connecting to Tor.
+    """
+
+    def __init__(self, common):
+        """
+        Set up the Meek object
+        """
+
+        self.common = common
+        self.common.log("Meek", "__init__")
+
+        get_tor_paths = self.common.get_tor_paths
+        (
+            self.tor_path,
+            self.tor_geo_ip_file_path,
+            self.tor_geo_ipv6_file_path,
+            self.obfs4proxy_file_path,
+            self.snowflake_file_path,
+            self.meek_client_file_path,
+        ) = get_tor_paths()
+
+        self.meek_proxies = {}
+        self.meek_url = "https://moat.torproject.org.global.prod.fastly.net/"
+        self.meek_front = "cdn.sstatic.net"
+        self.meek_env = {
+            "TOR_PT_MANAGED_TRANSPORT_VER": "1",
+            "TOR_PT_CLIENT_TRANSPORTS": "meek",
+        }
+        self.meek_host = "127.0.0.1"
+        self.meek_port = None
+
+    def start(self):
+        """
+        Start the Meek Client and populate the SOCKS proxies dict
+        for use with requests to the Tor Moat API.
+        """
+        # Small method to read stdout from the subprocess.
+        # We use this to obtain the random port that Meek
+        # started on
+        def enqueue_output(out, queue):
+            for line in iter(out.readline, b""):
+                queue.put(line)
+            out.close()
+
+        # Start the Meek Client as a subprocess.
+
+        if self.common.platform == "Windows":
+            # In Windows, hide console window when opening tor.exe subprocess
+            startupinfo = subprocess.STARTUPINFO()
+            startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
+            self.meek_proc = subprocess.Popen(
+                [
+                    self.meek_client_file_path,
+                    "--url",
+                    self.meek_url,
+                    "--front",
+                    self.meek_front,
+                ],
+                stdout=subprocess.PIPE,
+                startupinfo=startupinfo,
+                bufsize=1,
+                env=self.meek_env,
+                text=True,
+            )
+        else:
+            self.meek_proc = subprocess.Popen(
+                [
+                    self.meek_client_file_path,
+                    "--url",
+                    self.meek_url,
+                    "--front",
+                    self.meek_front,
+                ],
+                stdout=subprocess.PIPE,
+                bufsize=1,
+                env=self.meek_env,
+                text=True,
+            )
+
+        # Queue up the stdout from the subprocess for polling later
+        q = Queue()
+        t = Thread(target=enqueue_output, args=(self.meek_proc.stdout, q))
+        t.daemon = True  # thread dies with the program
+        t.start()
+
+        while True:
+            # read stdout without blocking
+            try:
+                line = q.get_nowait()
+            except Empty:
+                # no stdout yet?
+                pass
+            else:  # we got stdout
+                if "CMETHOD meek socks5" in line:
+                    self.meek_host = line.split(" ")[3].split(":")[0]
+                    self.meek_port = line.split(" ")[3].split(":")[1]
+                    self.common.log("Meek", "start", f"Meek host is {self.meek_host}")
+                    self.common.log("Meek", "start", f"Meek port is {self.meek_port}")
+                    break
+
+        if self.meek_port:
+            self.meek_proxies = {
+                "http": f"socks5h://{self.meek_host}:{self.meek_port}",
+                "https": f"socks5h://{self.meek_host}:{self.meek_port}",
+            }
+        else:
+            self.common.log("Meek", "start", "Could not obtain the meek port")
+            raise MeekNotRunning()
+
+
+class MeekNotRunning(Exception):
+    """
+    We were unable to start Meek or obtain the port
+    number it started on, in order to do domain fronting.
+    """