
Validate/add support for iOS 12 Network.framework

Open nabla-c0d3 opened this issue 7 years ago • 1 comments

nabla-c0d3 avatar Jun 05 '18 21:06 nabla-c0d3

Something like this...

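/// Whether the connection is wrapped in TLS. When `false` the connection is
/// plain TCP: nothing is encrypted and the TrustKit check below never runs.
let useSSL: Bool = true

/// Endpoint to connect to. Its host is also the name handed to TrustKit, so
/// the pinning policy that applies is the one configured for this host.
let socketURL = URL(string: "https://www.httpbin.org/")!

/// Queue on which the TLS verify block is invoked.
let verifyQueue = DispatchQueue(label: "verifyQueue", attributes: [])

/// Connection to `socketURL` whose TLS trust decision is delegated to TrustKit.
///
/// The verify block completes with `true` only for `.shouldAllowConnection`;
/// every other decision fails the handshake.
lazy var connection: NWConnection = {
    // A URL without a host cannot be connected to or pinned; stop with a
    // diagnostic instead of an anonymous force-unwrap trap.
    guard let hostname = socketURL.host else {
        preconditionFailure("socketURL has no host component")
    }

    // Use the explicit port from the URL, else the scheme's conventional one.
    let requestedPort = socketURL.port ?? (useSSL ? 443 : 80)
    guard let rawPort = UInt16(exactly: requestedPort),
          let port = NWEndpoint.Port(rawValue: rawPort) else {
        preconditionFailure("socketURL port \(requestedPort) is not a valid TCP port")
    }

    let parameters: NWParameters
    if useSSL {
        let tlsOptions = NWProtocolTLS.Options()
        // NOTE(review): a custom verify block is expected to take over the
        // trust decision from the system default, so this closure must never
        // complete with `true` unless the chain has actually been evaluated;
        // confirm against the Security framework documentation.
        sec_protocol_options_set_verify_block(tlsOptions.securityProtocolOptions, { _, secTrust, complete in
            let trust: SecTrust = sec_trust_copy_ref(secTrust).takeRetainedValue()
            let decision: TSKTrustDecision = TrustKit.sharedInstance().pinningValidator
                .evaluateTrust(trust, forHostname: hostname)

            // Fail closed: `.shouldBlockConnection`, `.domainNotPinned` and any
            // value this code does not know about all reject the handshake.
            // NOTE(review): rejecting `.domainNotPinned` means hosts missing
            // from the TrustKit configuration cannot connect through this
            // path. If unpinned hosts must be reachable, give them a standard
            // system trust evaluation here rather than an unconditional `true`.
            complete(decision == .shouldAllowConnection)
        }, verifyQueue)

        parameters = NWParameters(tls: tlsOptions)
    } else {
        parameters = .tcp
    }

    return NWConnection(host: NWEndpoint.Host.name(hostname, nil),
                        port: port,
                        using: parameters)
}()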

TSKPinningValidator could do this for us with a helper method that takes NWProtocolTLS.Options and a hostname.

mooshee avatar Oct 19 '18 19:10 mooshee