
@Jimmy-Prime
Created March 25, 2020 07:38
import Foundation
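/// `URLSessionDelegate` that pins the server's leaf certificate against DER files
/// shipped in the app bundle.
///
/// Challenges for the `URL.sns` host are left to the system's default handling.
/// For every other host, only server-trust challenges are answered, and the
/// connection is accepted only when the presented leaf certificate is
/// byte-identical to a bundled `<host>.der` file. Everything else is cancelled.
class SessionDelegate: NSObject, URLSessionDelegate {
    /// Answers an authentication challenge by comparing the server's leaf
    /// certificate with the pinned copies in the bundle.
    ///
    /// - Parameters:
    ///   - session: The session that received the challenge (unused).
    ///   - challenge: The challenge to answer.
    ///   - completionHandler: Called exactly once with the chosen disposition.
    func urlSession(
        _ session: URLSession,
        didReceive challenge: URLAuthenticationChallenge,
        completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void
    ) {
        let protectionSpace = challenge.protectionSpace

        // The SNS host is not pinned; the system's normal validation applies to it.
        guard protectionSpace.host != URL.sns.host else {
            completionHandler(.performDefaultHandling, nil)
            return
        }

        // Fail closed: anything that is not a server-trust challenge carrying a
        // leaf certificate (index 0) is rejected for the pinned hosts.
        guard protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let serverTrust = protectionSpace.serverTrust,
              let serverCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }

        // CFData is toll-free bridged to Data, so no manual byte copy is needed.
        let remoteCert = SecCertificateCopyData(serverCertificate) as Data

        // A missing host yields no candidates and therefore a cancelled challenge,
        // instead of the crash a force-unwrap would cause.
        let candidates = [URL.mib.host].compactMap { $0 }

        // NOTE(review): `serverTrust` is returned as a credential without being
        // evaluated in this method (no SecTrustEvaluateWithError call), so the byte
        // match below is the only gate: validity dates and the chain are not
        // checked here. If the pinned certificate is CA-issued, evaluate the trust
        // before comparing. Exact-certificate pinning also means the bundled file
        // must ship ahead of any server certificate renewal.
        if tryCertificates(with: candidates, remoteCert: remoteCert) {
            completionHandler(.useCredential, .init(trust: serverTrust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }

    /// Reports whether `remoteCert` is byte-identical to any bundled
    /// `<name>.der` resource.
    ///
    /// A candidate whose resource is missing or unreadable is skipped rather than
    /// ending the search, so one absent file cannot mask a later valid pin.
    ///
    /// - Parameters:
    ///   - names: Resource names (without extension) to look up in the main bundle.
    ///   - remoteCert: DER bytes of the certificate presented by the server.
    /// - Returns: `true` on the first exact match; `false` if none matches or
    ///   `names` is empty.
    private func tryCertificates(with names: [String], remoteCert: Data) -> Bool {
        return names.contains { name in
            guard let url = Bundle.main.url(forResource: name, withExtension: "der"),
                  let localCert = try? Data(contentsOf: url) else {
                return false
            }
            return localCert == remoteCert
        }
    }
}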