Commit be401c31 authored by Dariusz Rybicki's avatar Dariusz Rybicki

Update cert pinning implementation

Use binary certificate (der)
parent 79409e8a
3 merge requests!71Releasing v1.1.5 (214),!69Implemented filtering for banned/blocked users and reporting,!67v1.1.5 b(203)
......@@ -51,30 +51,32 @@ private final class SessionDelegate: NSObject, URLSessionDelegate {
didReceive challenge: URLAuthenticationChallenge,
completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void
) {
let authenticationMethod = challenge.protectionSpace.authenticationMethod
if authenticationMethod == NSURLAuthenticationMethodServerTrust,
let serverTrust = challenge.protectionSpace.serverTrust,
handleServerTrustChallenge(serverTrust) {
completionHandler(.useCredential, URLCredential(trust: serverTrust))
return
}
completionHandler(.cancelAuthenticationChallenge, nil)
let authMethod = challenge.protectionSpace.authenticationMethod
guard authMethod == NSURLAuthenticationMethodServerTrust else {
return completionHandler(.cancelAuthenticationChallenge, nil)
}
guard let serverTrust = challenge.protectionSpace.serverTrust else {
return completionHandler(.cancelAuthenticationChallenge, nil)
}
private func handleServerTrustChallenge(_ serverTrust: SecTrust) -> Bool {
guard let serverCert = SecTrustGetCertificateAtIndex(serverTrust, 0) else {
return false
return completionHandler(.cancelAuthenticationChallenge, nil)
}
let serverCertCFData = SecCertificateCopyData(serverCert)
let serverCertNSData = NSData(
let serverCertData = Data(
bytes: CFDataGetBytePtr(serverCertCFData),
length: CFDataGetLength(serverCertCFData)
count: CFDataGetLength(serverCertCFData)
)
let localCertPath = Bundle.module.path(forResource: "report_cert", ofType: "crt")!
let localCertNSData = NSData(contentsOfFile: localCertPath)!
let localCertURL = Bundle.module.url(forResource: "report_cert", withExtension: "der")!
let localCertData = try! Data(contentsOf: localCertURL)
return serverCertNSData.isEqual(to: localCertNSData as Data)
guard serverCertData == localCertData else {
return completionHandler(.cancelAuthenticationChallenge, nil)
}
completionHandler(.useCredential, URLCredential(trust: serverTrust))
}
}
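Review bot: The new flow reaches `completionHandler(.useCredential, URLCredential(trust: serverTrust))` without ever evaluating `serverTrust`, so the byte comparison against `report_cert.der` is the only check made in the visible lines; the system's chain, expiry and hostname validation is, as far as this hunk shows, never run. I would add `guard SecTrustEvaluateWithError(serverTrust, nil) else { return completionHandler(.cancelAuthenticationChallenge, nil) }` before reading the leaf certificate, so that the pin is an extra restriction on top of normal validation rather than a replacement for it. The two force-unwraps on the bundled resource (`...withExtension: "der")!` and `try! Data(contentsOf:)`) will crash inside the challenge handler if the file is missing or unreadable; a `guard let` that cancels the challenge would fail closed instead. Pinning the complete leaf certificate also means every server certificate renewal needs a coordinated app release, which deserves a comment next to the comparison. The method's signature starts above the hunk, so its name and first parameter are not visible here.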