Update cert pinning implementation

Use binary certificate (der)

Update cert pinning implementation
be401c31 · Dariusz Rybicki · 79409e8a · be401c31
Commit be401c31 authored 2 years ago by Dariusz Rybicki
--- a/Sources/ReportingFeature/SendReport.swift
+++ b/Sources/ReportingFeature/SendReport.swift
@@ -51,30 +51,32 @@ private final class SessionDelegate: NSObject, URLSessionDelegate {
        didReceive challenge: URLAuthenticationChallenge,
        completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void
    ) {
-        let authenticationMethod = challenge.protectionSpace.authenticationMethod
-        if authenticationMethod == NSURLAuthenticationMethodServerTrust,
-           let serverTrust = challenge.protectionSpace.serverTrust,
-           handleServerTrustChallenge(serverTrust) {
-            completionHandler(.useCredential, URLCredential(trust: serverTrust))
-            return
+        let authMethod = challenge.protectionSpace.authenticationMethod
+        guard authMethod == NSURLAuthenticationMethodServerTrust else {
+            return completionHandler(.cancelAuthenticationChallenge, nil)
        }
-        completionHandler(.cancelAuthenticationChallenge, nil)
-    }
-}

-private func handleServerTrustChallenge(_ serverTrust: SecTrust) -> Bool {
-    guard let serverCert = SecTrustGetCertificateAtIndex(serverTrust, 0) else {
-        return false
-    }
+        guard let serverTrust = challenge.protectionSpace.serverTrust else {
+            return completionHandler(.cancelAuthenticationChallenge, nil)
+        }

-    let serverCertCFData = SecCertificateCopyData(serverCert)
-    let serverCertNSData = NSData(
-        bytes: CFDataGetBytePtr(serverCertCFData),
-        length: CFDataGetLength(serverCertCFData)
-    )
+        guard let serverCert = SecTrustGetCertificateAtIndex(serverTrust, 0) else {
+            return completionHandler(.cancelAuthenticationChallenge, nil)
+        }
+
+        let serverCertCFData = SecCertificateCopyData(serverCert)
+        let serverCertData = Data(
+            bytes: CFDataGetBytePtr(serverCertCFData),
+            count: CFDataGetLength(serverCertCFData)
+        )

-    let localCertPath = Bundle.module.path(forResource: "report_cert", ofType: "crt")!
-    let localCertNSData = NSData(contentsOfFile: localCertPath)!
+        let localCertURL = Bundle.module.url(forResource: "report_cert", withExtension: "der")!
+        let localCertData = try! Data(contentsOf: localCertURL)

-    return serverCertNSData.isEqual(to: localCertNSData as Data)
+        guard serverCertData == localCertData else {
+            return completionHandler(.cancelAuthenticationChallenge, nil)
+        }
+
+        completionHandler(.useCredential, URLCredential(trust: serverTrust))
+    }
 }