davidmtamas
davidmtamas
/ PublicKeyPinner.swift
Created
April 2, 2020 07:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| final class PublicKeyPinner { | |
| /// Stored public key hashes | |
| private let hashes: [String] | |
| public init(hashes: [String]) { | |
| self.hashes = hashes | |
| } | |
| /// ASN1 header for our public key to re-create the subject public key info | |
| private let rsa2048Asn1Header: [UInt8] = [ |
davidmtamas
/ CryptoSwiftExample.swift
Created
April 2, 2020 07:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| return keyWithHeader.sha256().base64EncodedString() |
davidmtamas
/ CommonCryptoExample.swift
Created
April 2, 2020 07:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var hash = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH)) | |
| _ = keyWithHeader.withUnsafeBytes { | |
| CC_SHA256($0.baseAddress!, CC_LONG(keyWithHeader.count), &hash) | |
| } | |
| return Data(hash).base64EncodedString() |
davidmtamas
/ CryptoKitExample.swift
Created
April 2, 2020 07:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import CryptoSwift | |
| import CommonCrypto | |
| #if canImport(CryptoKit) | |
| import CryptoKit | |
| #endif | |
| public final class PublicKeyPinner { | |
| ... | |
| /// Creates a hash from the received data using the `sha256` algorithm. |
davidmtamas
/ Asn1Header.swift
Created
April 2, 2020 07:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /// ASN1 header for our public key to re-create the subject public key info | |
| private let rsa2048Asn1Header: [UInt8] = [ | |
| 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, | |
| 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00 | |
| ] |
davidmtamas
/ EvaluateHashes.swift
Created
April 2, 2020 07:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // For each certificate in the valid trust: | |
| for index in 0..<SecTrustGetCertificateCount(serverTrust) { | |
| // Get the public key data for the certificate at the current index of the loop. | |
| guard let certificate = SecTrustGetCertificateAtIndex(serverTrust, index), | |
| let publicKey = SecCertificateCopyPublicKey(certificate), | |
| let publicKeyData = SecKeyCopyExternalRepresentation(publicKey, nil) else { | |
| return false | |
| } | |
| // Hash the key, and check it's validity. |
davidmtamas
/ CheckValidity.swift
Created
April 2, 2020 07:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Check if the trust is valid | |
| var secResult = SecTrustResultType.invalid | |
| let status = SecTrustEvaluate(serverTrust, &secResult) | |
| guard status == errSecSuccess else { return false } |
davidmtamas
/ SetSecPolicy.swift
Created
April 2, 2020 07:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if let domain = domain { | |
| let policies = NSMutableArray() | |
| policies.add(SecPolicyCreateSSL(true, domain as CFString)) | |
| SecTrustSetPolicies(serverTrust, policies) | |
| } |
davidmtamas
/ PublicInterface.swift
Created
April 2, 2020 07:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public final class PublicKeyPinner { | |
| /// Stored public key hashes | |
| private let hashes: [String] | |
| public init(hashes: [String]) { | |
| self.hashes = hashes | |
| } | |
| /// Validates an object used to evaluate trust's certificates by comparing their public key hashes | |
| /// to the known, trused key hashes stored in the app. |