Commit be401c31 authored by Dariusz Rybicki's avatar Dariusz Rybicki

Update cert pinning implementation

Use binary certificate (der)
parent 79409e8a
3 merge requests!71Releasing v1.1.5 (214),!69Implemented filtering for banned/blocked users and reporting,!67v1.1.5 b(203)
......@@ -51,30 +51,32 @@ private final class SessionDelegate: NSObject, URLSessionDelegate {
didReceive challenge: URLAuthenticationChallenge,
completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void
) {
let authenticationMethod = challenge.protectionSpace.authenticationMethod
if authenticationMethod == NSURLAuthenticationMethodServerTrust,
let serverTrust = challenge.protectionSpace.serverTrust,
handleServerTrustChallenge(serverTrust) {
completionHandler(.useCredential, URLCredential(trust: serverTrust))
return
let authMethod = challenge.protectionSpace.authenticationMethod
guard authMethod == NSURLAuthenticationMethodServerTrust else {
return completionHandler(.cancelAuthenticationChallenge, nil)
}
completionHandler(.cancelAuthenticationChallenge, nil)
}
}
private func handleServerTrustChallenge(_ serverTrust: SecTrust) -> Bool {
guard let serverCert = SecTrustGetCertificateAtIndex(serverTrust, 0) else {
return false
}
guard let serverTrust = challenge.protectionSpace.serverTrust else {
return completionHandler(.cancelAuthenticationChallenge, nil)
}
let serverCertCFData = SecCertificateCopyData(serverCert)
let serverCertNSData = NSData(
bytes: CFDataGetBytePtr(serverCertCFData),
length: CFDataGetLength(serverCertCFData)
)
guard let serverCert = SecTrustGetCertificateAtIndex(serverTrust, 0) else {
return completionHandler(.cancelAuthenticationChallenge, nil)
}
let serverCertCFData = SecCertificateCopyData(serverCert)
let serverCertData = Data(
bytes: CFDataGetBytePtr(serverCertCFData),
count: CFDataGetLength(serverCertCFData)
)
let localCertPath = Bundle.module.path(forResource: "report_cert", ofType: "crt")!
let localCertNSData = NSData(contentsOfFile: localCertPath)!
let localCertURL = Bundle.module.url(forResource: "report_cert", withExtension: "der")!
let localCertData = try! Data(contentsOf: localCertURL)
return serverCertNSData.isEqual(to: localCertNSData as Data)
guard serverCertData == localCertData else {
return completionHandler(.cancelAuthenticationChallenge, nil)
}
completionHandler(.useCredential, URLCredential(trust: serverTrust))
}
}
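Review bot: The new challenge handler accepts the connection on a byte-for-byte match of the leaf certificate alone; no trust evaluation is visible before `completionHandler(.useCredential, URLCredential(trust: serverTrust))`, so expiry and hostname checks on the presented chain appear to be skipped. Consider adding `guard SecTrustEvaluateWithError(serverTrust, nil) else { return completionHandler(.cancelAuthenticationChallenge, nil) }` before the comparison; if the pinned certificate is self-signed, it would first need to be set as an anchor with `SecTrustSetAnchorCertificates`. The `!` and `try!` on the bundled `report_cert.der` will also crash inside the delegate callback if the resource is missing, and the file is re-read on every challenge; loading it once and cancelling the challenge on failure would fail closed instead. The method's signature starts above the hunk, so this is based on the visible body only.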