Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

iOS Certificate Pinning #1750

Merged
merged 5 commits into from
Mar 27, 2020
Merged

iOS Certificate Pinning #1750

merged 5 commits into from
Mar 27, 2020

Conversation

alistairsykes
Copy link
Contributor

Subsystem
Client, iOS

Motivation
Pinning certificates defends against attacks on certificate authorities. It also prevents connections through man-in-the-middle certificate authorities either known or unknown to the application's user.
#1431

Solution
Added class CertificatePinner which confirms to ChallengeHandler. In doing so it can override:

fun invoke(
    session: NSURLSession,
    task: NSURLSessionTask,
    challenge: NSURLAuthenticationChallenge,
    completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential?) -> Unit
)

and therefore ensure that the certificates in the serverTrust match those that are pinned.

Sergey Mashkov and others added 5 commits March 24, 2020 14:44
Upgrade to Kotlin 1.3.71
1bc4ed6
@alistairsykes
alistairsykes/ios-cert-pinning: Add use function to IosUtils.
87f6df1 
`CPointer`'s need to be released by calling `CFBridgingRelease`. To
enable this consistently, even when an exception is thrown, add a `use`
function.

Forms part of: (#1431)
@alistairsykes
alistairsykes/ios-cert-pinning: Add CertificatePinner for iOS
7346538 
To support users with certificate pinning on iOS, provide a class which
enables public key certificate pinning. It should provide a simple
interface and clear guidance on how to use. It should conform to
`ChallengeHandler` to enable easy configuration of the engine.

Forms part of: (#1431)
@alistairsykes
alistairsykes/ios-cert-pinning: Add tests for CertificatePinner
5acc3cb 
Forms part of: (#1431)
@alistairsykes
alistairsykes/ios-cert-pinning: Mark CertificatePinner as experimental
ddf494c 
Given the contributing guidelines, this new API should be marked with
`@KtorExperimentalAPI`

Forms part of: (#1431)
@alistairsykes alistairsykes changed the title Alistairsykes/ios cert pinning iOS Certificate Pinning Mar 25, 2020
@alistairsykes
Copy link
Contributor Author

As discussed with @e5l I have been unable to build and validate this PR due to an issue with gradle configuration.
The tests with this class are pretty scarce. I did not want to introduce any mocking frameworks or the like, so I added tests for what I could.
Happy to work on this further, if you could point me in the right direction.

@cy6erGn0m cy6erGn0m requested a review from e5l March 25, 2020 17:41
@e5l e5l changed the base branch from master to e5l/develop March 27, 2020 06:37
@e5l e5l merged commit e50191a into ktorio:e5l/develop Mar 27, 2020
@e5l
Copy link
Member

e5l commented Mar 27, 2020

Merged in e5l/develop for fixing gradle configuration. Thanks for the PR

e5l pushed a commit that referenced this pull request Mar 30, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
f75eb9d
e5l pushed a commit that referenced this pull request Apr 1, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
41c145a
e5l pushed a commit that referenced this pull request Apr 7, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
b08c3c2
e5l pushed a commit that referenced this pull request Apr 8, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
b7e8e58
e5l pushed a commit that referenced this pull request May 26, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
43e8a26
e5l pushed a commit that referenced this pull request May 29, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
4ce7aaa
e5l pushed a commit that referenced this pull request Jul 15, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
eef646f
e5l pushed a commit that referenced this pull request Jul 21, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
4ac8010
e5l pushed a commit that referenced this pull request Aug 10, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
7be7d1d
e5l pushed a commit that referenced this pull request Aug 10, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
9fc45d9
e5l pushed a commit that referenced this pull request Aug 10, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
1c84e03
e5l pushed a commit that referenced this pull request Aug 10, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
e48c078
e5l pushed a commit that referenced this pull request Aug 11, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
afadc1b
e5l pushed a commit that referenced this pull request Aug 12, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
396f6a6
e5l added a commit that referenced this pull request Aug 16, 2020
@e5l
fixup! iOS Certificate Pinning (#1750)
9ba9acf
e5l added a commit that referenced this pull request Aug 17, 2020
@e5l
fixup! iOS Certificate Pinning (#1750)
3963ef6
e5l pushed a commit that referenced this pull request Aug 17, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
61e22d2
e5l pushed a commit that referenced this pull request Aug 17, 2020
@alistairsykes @e5l
iOS Certificate Pinning (#1750)
77c9768
@cl3m cl3m mentioned this pull request Jan 22, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@e5l e5l Awaiting requested review from e5l

Assignees
No one assigned
Labels
Client feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alistairsykes @e5l @cy6erGn0m