Tor bridges support [Client part]

app/brave_generated_resources.grd

@@ -260,6 +260,9 @@ Or change later at <ph name="SETTINGS_EXTENIONS_LINK">$2<ex>brave://settings/ext
       </message>
 
       <!-- Tor -->
+      <message name="IDS_BRAVE_TOR_SETTINGS_SECTION" desc="Open Tor settings section">
+        Tor windows
+      </message>
       <message name="IDS_NEW_TOR_IDENTITY" desc="The text label of a menu item for requesting new Tor identity">
         New Tor Identity
       </message>

app/brave_settings_strings.grdp

@@ -667,6 +667,60 @@
   <message name="IDS_SETTINGS_ENABLE_TOR_DESC" desc="Text fragment for enabling tor component">
     Tor hides your IP address from the sites you visit.
   </message>
+  <message name="IDS_SETTINGS_TOR_USE_BRIDGES_TITLE" desc="">
+    Use Bridges
+  </message>
+  <message name="IDS_SETTINGS_TOR_USE_BRIDGES_DESC" desc="">
+    Bridges help you access the Tor Network in place where Tor is blocked. Depending on where you are, one bridge may work better than another.
+  </message>
+  <message name="IDS_SETTINGS_TOR_CONNECTION_SETTINGS_TITLE" desc="">
+    Tor connection settings
+  </message>
+  <message name="IDS_SETTINGS_TOR_CONNECTION_SETTINGS_DESC" desc="">
+    Controls how Private Windows with Tor connect to the Tor network
+  </message>
+  <message name="IDS_SETTINGS_TOR_SELECT_BUILT_IN_RADIO" desc="">
+    Select a built-in bridge
+  </message>
+  <message name="IDS_SETTINGS_TOR_REQUEST_BRIDGES_RADIO" desc="">
+    Request a bridge from torproject.org
+  </message>
+  <message name="IDS_SETTINGS_TOR_REQUEST_NEW_BRIDGE_BUTTON" desc="">
+    Request a New Bridge...
+  </message>
+  <message name="IDS_SETTINGS_TOR_PROVIDE_BRIDGES_RADIO" desc="">
+    Provide a bridge
+  </message>
+  <message name="IDS_SETTINGS_TOR_ENTER_BRIDGE_INFO_LABEL" desc="">
+    Enter bridge information from a trusted source.
+  </message>
+  <message name="IDS_SETTINGS_TOR_APPLY_CHANGES_BUTTON" desc="">
+    Apply changes
+  </message>
+  <message name="IDS_SETTINGS_TOR_REQUESTED_BRIDGES_PLACEHOLDER" desc="">
+    Click on 'Request a New Bridge...' to get bridges
+  </message>
+  <message name="IDS_SETTINGS_TOR_PROVIDED_BRIDGES_PLACEHOLDER" desc="">
+    Type address:port (one per line)
+  </message>
+  <message name="IDS_SETTINGS_TOR_REQUEST_BRIDGE_DIALOG_TITLE" desc="">
+    Request Bridge
+  </message>
+  <message name="IDS_SETTINGS_TOR_REQUEST_BRIDGE_DIALOG_WAITING" desc="">
+    Contacting BridgeDB. Please wait.
+  </message>
+  <message name="IDS_SETTINGS_TOR_REQUEST_BRIDGE_DIALOG_SOLVE" desc="">
+    Solve the CAPTCHA to request a bridge.
+  </message>
+  <message name="IDS_SETTINGS_TOR_REQUEST_BRIDGE_DIALOG_ERROR" desc="">
+    Can't request a CAPTCHA. Try again later.
+  </message>
+  <message name="IDS_SETTINGS_TOR_SUBMIT_DIALOG_BUTTON" desc="Text fragment for enabling tor component">
+    Submit
+  </message>
+  <message name="IDS_SETTINGS_TOR_CANCEL_DIALOG_BUTTON" desc="Text fragment for enabling tor component">
+    Cancel
+  </message>
   <message name="IDS_SETTINGS_AUTO_ONION_LOCATION_TITLE" desc="Text fragment for onion site component">
     Automatically redirect .onion sites
   </message>

browser/brave_browser_process.h

@@ -56,6 +56,7 @@ class NTPBackgroundImagesService;
 
 namespace tor {
 class BraveTorClientUpdater;
+class BraveTorPluggableTransportUpdater;
 }
 
 namespace ipfs {
@@ -91,6 +92,8 @@ class BraveBrowserProcess {
   local_data_files_service() = 0;
 #if BUILDFLAG(ENABLE_TOR)
   virtual tor::BraveTorClientUpdater* tor_client_updater() = 0;
+  virtual tor::BraveTorPluggableTransportUpdater*
+  tor_pluggable_transport_updater() = 0;
 #endif
 #if BUILDFLAG(ENABLE_IPFS)
   virtual ipfs::BraveIpfsClientUpdater* ipfs_client_updater() = 0;

browser/brave_browser_process_impl.cc

@@ -5,6 +5,7 @@
 
 #include "brave/browser/brave_browser_process_impl.h"
 
+#include <memory>
 #include <string>
 #include <utility>
 
@@ -65,6 +66,7 @@
 
 #if BUILDFLAG(ENABLE_TOR)
 #include "brave/components/tor/brave_tor_client_updater.h"
+#include "brave/components/tor/brave_tor_pluggable_transport_updater.h"
 #include "brave/components/tor/pref_names.h"
 #endif
 
@@ -294,11 +296,24 @@ tor::BraveTorClientUpdater* BraveBrowserProcessImpl::tor_client_updater() {
   base::FilePath user_data_dir;
   base::PathService::Get(chrome::DIR_USER_DATA, &user_data_dir);
 
-  tor_client_updater_.reset(new tor::BraveTorClientUpdater(
-      brave_component_updater_delegate(), local_state(), user_data_dir));
+  tor_client_updater_ = std::make_unique<tor::BraveTorClientUpdater>(
+      brave_component_updater_delegate(), local_state(), user_data_dir);
   return tor_client_updater_.get();
 }
 
+tor::BraveTorPluggableTransportUpdater*
+BraveBrowserProcessImpl::tor_pluggable_transport_updater() {
+  if (!tor_pluggable_transport_updater_) {
+    base::FilePath user_data_dir;
+    base::PathService::Get(chrome::DIR_USER_DATA, &user_data_dir);
+
+    tor_pluggable_transport_updater_ =
+        std::make_unique<tor::BraveTorPluggableTransportUpdater>(
+            brave_component_updater_delegate(), local_state(), user_data_dir);
+  }
+  return tor_pluggable_transport_updater_.get();
+}
+
 void BraveBrowserProcessImpl::OnTorEnabledChanged() {
   // Update all browsers' tor command status.
   for (Browser* browser : *BrowserList::GetInstance()) {

browser/brave_browser_process_impl.h

@@ -15,6 +15,7 @@
 #include "brave/components/greaselion/browser/buildflags/buildflags.h"
 #include "brave/components/ipfs/buildflags/buildflags.h"
 #include "brave/components/speedreader/common/buildflags.h"
+#include "brave/components/tor/brave_tor_pluggable_transport_updater.h"
 #include "brave/components/tor/buildflags/buildflags.h"
 #include "chrome/browser/browser_process_impl.h"
 #include "extensions/buildflags/buildflags.h"
@@ -58,6 +59,7 @@ class NTPBackgroundImagesService;
 
 namespace tor {
 class BraveTorClientUpdater;
+class BraveTorPluggableTransportUpdater;
 }
 
 namespace ipfs {
@@ -102,6 +104,8 @@ class BraveBrowserProcessImpl : public BraveBrowserProcess,
       override;
 #if BUILDFLAG(ENABLE_TOR)
   tor::BraveTorClientUpdater* tor_client_updater() override;
+  tor::BraveTorPluggableTransportUpdater* tor_pluggable_transport_updater()
+      override;
 #endif
 #if BUILDFLAG(ENABLE_IPFS)
   ipfs::BraveIpfsClientUpdater* ipfs_client_updater() override;
@@ -160,6 +164,8 @@ class BraveBrowserProcessImpl : public BraveBrowserProcess,
 #endif
 #if BUILDFLAG(ENABLE_TOR)
   std::unique_ptr<tor::BraveTorClientUpdater> tor_client_updater_;
+  std::unique_ptr<tor::BraveTorPluggableTransportUpdater>
+      tor_pluggable_transport_updater_;
 #endif
 #if BUILDFLAG(ENABLE_IPFS)
   std::unique_ptr<ipfs::BraveIpfsClientUpdater> ipfs_client_updater_;

browser/extensions/api/settings_private/brave_prefs_util.cc

@@ -307,6 +307,8 @@ const PrefsUtil::TypedPrefMap& BravePrefsUtil::GetAllowlistedKeys() {
 #if BUILDFLAG(ENABLE_TOR)
   (*s_brave_allowlist)[tor::prefs::kAutoOnionRedirect] =
       settings_api::PrefType::PREF_TYPE_BOOLEAN;
+  (*s_brave_allowlist)[tor::prefs::kBridgesConfig] =
+      settings_api::PrefType::PREF_TYPE_DICTIONARY;
 #endif
   (*s_brave_allowlist)[prefs::kWebRTCIPHandlingPolicy] =
       settings_api::PrefType::PREF_TYPE_STRING;

browser/extensions/brave_extension_management.cc

@@ -27,6 +27,7 @@
 #if BUILDFLAG(ENABLE_TOR)
 #include "brave/browser/tor/tor_profile_manager.h"
 #include "brave/components/tor/brave_tor_client_updater.h"
+#include "brave/components/tor/brave_tor_pluggable_transport_updater.h"
 #include "brave/components/tor/pref_names.h"
 #endif
 
@@ -53,6 +54,11 @@ BraveExtensionManagement::BraveExtensionManagement(Profile* profile)
       tor::prefs::kTorDisabled,
       base::BindRepeating(&BraveExtensionManagement::OnTorDisabledChanged,
                           base::Unretained(this)));
+  local_state_pref_change_registrar_.Add(
+      tor::prefs::kBridgesConfig,
+      base::BindRepeating(
+          &BraveExtensionManagement::OnTorPluggableTransportChanged,
+          base::Unretained(this)));
 #endif
   // Make IsInstallationExplicitlyAllowed to be true
 #if BUILDFLAG(ETHEREUM_REMOTE_CLIENT_ENABLED)
@@ -85,7 +91,23 @@ void BraveExtensionManagement::OnTorDisabledChanged() {
 #if BUILDFLAG(ENABLE_TOR)
   if (TorProfileServiceFactory::IsTorDisabled()) {
     TorProfileManager::GetInstance().CloseAllTorWindows();
-    g_brave_browser_process->tor_client_updater()->Cleanup();
+    if (g_brave_browser_process->tor_client_updater()) {
+      g_brave_browser_process->tor_client_updater()->Cleanup();
+    }
+    if (g_brave_browser_process->tor_pluggable_transport_updater()) {
+      g_brave_browser_process->tor_pluggable_transport_updater()->Cleanup();
+    }
+  }
+#endif
+}
+
+void BraveExtensionManagement::OnTorPluggableTransportChanged() {
+#if BUILDFLAG(ENABLE_TOR)
+  if (TorProfileServiceFactory::GetTorBridgesConfig().use_bridges ==
+      tor::BridgesConfig::Usage::kNotUsed) {
+    if (g_brave_browser_process->tor_pluggable_transport_updater()) {
+      g_brave_browser_process->tor_pluggable_transport_updater()->Cleanup();
+    }
   }
 #endif
 }
@@ -94,6 +116,7 @@ void BraveExtensionManagement::Cleanup(content::BrowserContext* context) {
   // BrowserPolicyConnector enforce policy earlier than this constructor so we
   // have to manully cleanup tor executable when tor is disabled by gpo
   OnTorDisabledChanged();
+  OnTorPluggableTransportChanged();
 
 #if BUILDFLAG(ENABLE_IPFS)
   // Remove ipfs executable if it is disabled by GPO.

browser/extensions/brave_extension_management.h

@@ -33,6 +33,7 @@ class BraveExtensionManagement : public ExtensionManagement,
       UnloadedExtensionReason reason) override;
 
   void OnTorDisabledChanged();
+  void OnTorPluggableTransportChanged();
   void Cleanup(content::BrowserContext* browser_context);
 
   PrefChangeRegistrar local_state_pref_change_registrar_;

browser/resources/settings/BUILD.gn

@@ -112,6 +112,7 @@ preprocess_if_expr("preprocess") {
     "brave_reset_page/brave_reset_profile_dialog_behavior.js",
     "brave_routes.js",
     "brave_sync_page/brave_sync_browser_proxy.js",
+    "brave_tor_page/brave_tor_browser_proxy.js",
     "default_brave_shields_page/brave_adblock_browser_proxy.js",
   ]
 }
@@ -162,6 +163,8 @@ preprocess_if_expr("preprocess_generated") {
     "brave_sync_page/brave_sync_page.js",
     "brave_sync_page/brave_sync_setup.js",
     "brave_sync_page/brave_sync_subpage.js",
+    "brave_tor_page/brave_tor_bridges_dialog.js",
+    "brave_tor_page/brave_tor_subpage.js",
     "brave_wallet_page/add_wallet_network_dialog.js",
     "brave_wallet_page/brave_wallet_browser_proxy.m.js",
     "brave_wallet_page/brave_wallet_page.js",
@@ -192,6 +195,7 @@ group("web_modules") {
     "brave_rewards_page:web_modules",
     "brave_search_engines_page:web_modules",
     "brave_sync_page:web_modules",
+    "brave_tor_page:web_modules",
     "brave_wallet_page:web_modules",
     "default_brave_shields_page:web_modules",
     "getting_started_page:web_modules",

browser/resources/settings/brave_default_extensions_page/brave_default_extensions_browser_proxy.js

@@ -14,9 +14,6 @@ cr.define('settings', function () {
      */
     setWebTorrentEnabled (value) {}
     setHangoutsEnabled (value) {}
-    setTorEnabled (value) {}
-    isTorEnabled () {}
-    isTorManaged () {}
     setWidevineEnabled() {}
     isWidevineEnabled() {}
     getRestartNeeded () {}
@@ -42,18 +39,6 @@ cr.define('settings', function () {
       chrome.send('setMediaRouterEnabled', [value])
     }
 
-    setTorEnabled (value) {
-      chrome.send('setTorEnabled', [value])
-    }
-
-    isTorEnabled () {
-      return cr.sendWithPromise('isTorEnabled')
-    }
-
-    isTorManaged () {
-      return cr.sendWithPromise('isTorManaged')
-    }
-
     setWidevineEnabled (value) {
       chrome.send('setWidevineEnabled', [value])
     }

browser/resources/settings/brave_default_extensions_page/brave_default_extensions_page.html

@@ -112,23 +112,6 @@
                               pref="{{prefs.brave.ens.resolve_method}}"
                               menu-options="[[ensResolveMethod_]]">
     </div>
-    <if expr="enable_tor">
-    <settings-toggle-button id="torEnabled"
-        class="cr-row"
-        pref="[[torEnabledPref_]]"
-        label="$i18n{torEnabledLabel}"
-        sub-label="$i18n{torEnabledDesc}"
-        disabled="[[disableTorOption_]]"
-        on-settings-boolean-control-change="onTorEnabledChange_">
-    </settings-toggle-button>
-    <settings-toggle-button
-        pref="{{prefs.tor.auto_onion_location}}"
-        class="cr-row"
-        label="$i18n{autoOnionLocationLabel}"
-        sub-label="$i18n{autoOnionLocationDesc}"
-        disabled="[[!torEnabledPref_.value]]">
-    </settings-toggle-button>
-    </if>
     <settings-toggle-button id="webTorrentEnabled"
         class="cr-row"
         pref="{{prefs.brave.webtorrent_enabled}}"

browser/resources/settings/brave_default_extensions_page/brave_default_extensions_page.js

@@ -27,17 +27,8 @@ Polymer({
 
   properties: {
     showRestartToast_: Boolean,
-    disableTorOption_: Boolean,
     unstoppableDomainsResolveMethod_: Array,
     ensResolveMethod_: Array,
-    torEnabledPref_: {
-      type: Object,
-      value() {
-        // TODO(dbeam): this is basically only to appease PrefControlMixin.
-        // Maybe add a no-validate attribute instead? This makes little sense.
-        return {};
-      },
-    },
     widevineEnabledPref_: {
       type: Object,
       value() {
@@ -64,7 +55,6 @@ Polymer({
     this.openKeyboardShortcutsPage_ = this.openKeyboardShortcutsPage_.bind(this)
     this.onWidevineEnabledChange_ = this.onWidevineEnabledChange_.bind(this)
     this.restartBrowser_ = this.restartBrowser_.bind(this)
-    this.onTorEnabledChange_ = this.onTorEnabledChange_.bind(this)
 
     this.addWebUIListener('brave-needs-restart-changed', (needsRestart) => {
       this.showRestartToast_ = needsRestart
@@ -73,9 +63,6 @@ Polymer({
     this.browserProxy_.getRestartNeeded().then(show => {
       this.showRestartToast_ = show;
     });
-    this.browserProxy_.isTorManaged().then(managed => {
-      this.disableTorOption_ = managed
-    })
     this.browserProxy_.getDecentralizedDnsResolveMethodList().then(list => {
         this.unstoppableDomainsResolveMethod_ = list
     })
@@ -85,10 +72,6 @@ Polymer({
 
     // PrefControlMixin checks for a pref being valid, so have to fake it,
     // same as upstream.
-    const setTorEnabledPref = (enabled) => this.setTorEnabledPref_(enabled);
-    this.addWebUIListener('tor-enabled-changed', setTorEnabledPref);
-    this.browserProxy_.isTorEnabled().then(setTorEnabledPref);
-
     const setWidevineEnabledPref = (enabled) => this.setWidevineEnabledPref_(enabled);
     this.addWebUIListener('widevine-enabled-changed', setWidevineEnabledPref);
     this.browserProxy_.isWidevineEnabled().then(setWidevineEnabledPref);
@@ -107,19 +90,6 @@ Polymer({
     window.open("chrome://restart", "_self");
   },
 
-  setTorEnabledPref_: function (enabled) {
-    const pref = {
-      key: '',
-      type: chrome.settingsPrivate.PrefType.BOOLEAN,
-      value: enabled,
-    };
-    this.torEnabledPref_ = pref;
-  },
-
-  onTorEnabledChange_: function() {
-    this.browserProxy_.setTorEnabled(this.$.torEnabled.checked);
-  },
-
   setWidevineEnabledPref_: function (enabled) {
     const pref = {
       key: '',