Public Key Pinning Example
/// Bundle-resource coordinates of the pinned server certificate.
///
/// The file is looked up in the main bundle as `resource`.`type`; the
/// pinning code reads it as raw DER bytes and compares it to the leaf
/// certificate the server presents.
struct Constants {
    /// Resource name of the pinned certificate inside the main bundle.
    static let resource: String = "certificate"
    /// File extension of the pinned certificate (DER encoding).
    static let type: String = "der"
}
// https://infinum.co/the-capsized-eight/articles/how-to-make-your-ios-apps-more-secure-with-ssl-pinning
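extension NetworkManager: URLSessionDelegate {
    /// Certificate pinning for this session's TLS handshakes.
    ///
    /// The server is accepted only when both hold:
    /// 1. the system trust evaluation (chain + hostname policy for
    ///    `challenge.protectionSpace.host`) succeeds, and
    /// 2. the leaf certificate the server presents is byte-for-byte equal to
    ///    the DER file bundled as `Constants.resource`.`Constants.type`.
    ///
    /// `completionHandler` is called exactly once on every path: challenges
    /// that are not server-trust challenges are handed back to the system
    /// (`.performDefaultHandling`); any failure of the pinning checks, a
    /// missing trust object or a missing bundled pin cancels the challenge.
    ///
    /// Note: this pins the whole leaf certificate, so the bundled file has to
    /// be replaced before the server certificate is renewed or the app stops
    /// connecting. Pinning the SubjectPublicKeyInfo would survive a renewal
    /// that keeps the key pair.
    ///
    /// - Parameters:
    ///   - session: The session that received the challenge.
    ///   - challenge: The authentication challenge to answer.
    ///   - completionHandler: Receives the disposition and, on success, a
    ///     credential built from the evaluated server trust.
    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Only server-trust challenges are pinned. Anything else (e.g. HTTP
        // auth) goes to the default handling instead of being dropped.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // A bare `return` here would never answer the challenge and leave the
        // request hanging; no trust object / no leaf certificate is a hard failure.
        guard let serverTrust = challenge.protectionSpace.serverTrust,
              let certificate = SecTrustGetCertificateAtIndex(serverTrust, 0) else {
            print("Certificate matching = false")
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Set SSL policies for domain name check
        let policies = NSMutableArray()
        policies.add(SecPolicyCreateSSL(true, challenge.protectionSpace.host as CFString))
        SecTrustSetPolicies(serverTrust, policies)
        // Evaluate server certificate. The OSStatus is checked too: if the
        // evaluation call itself fails, `result` carries no meaning.
        var result: SecTrustResultType = .invalid
        let status = SecTrustEvaluate(serverTrust, &result)
        let isServerTrusted = status == errSecSuccess && (result == .unspecified || result == .proceed)
        // Get local and remote cert data
        let remoteCertificateData = SecCertificateCopyData(certificate) as Data
        guard let pathToCert = Bundle.main.path(forResource: Constants.resource, ofType: Constants.type),
              let localCertificate = FileManager.default.contents(atPath: pathToCert) else {
            // The bundled pin is missing: fail closed instead of crashing on a force unwrap.
            print("Certificate matching = false")
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Compare Data
        if isServerTrusted && remoteCertificateData == localCertificate {
            print("Certificate matching = true")
            completionHandler(.useCredential, URLCredential(trust: serverTrust))
        } else {
            print("Certificate matching = false")
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}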