SSL pinning for iOS
See original GitHub issueHow to make SSL pinning for iOS. As I am getting response but for other thing its not working.
Getting crash near this code
val remoteCertificateData : NSData = SecCertificateCopyData(certificate) as NSData
This is the error.
Uncaught Kotlin exception: kotlin.TypeCastException
Here is my code.
override fun URLSession(
session: NSURLSession,
didReceiveChallenge: NSURLAuthenticationChallenge,
completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential?) -> Unit
) {
val serverTrust = didReceiveChallenge.protectionSpace.serverTrust
val certificate = SecTrustGetCertificateAtIndex(serverTrust,0)
var result: SecTrustResultType = 0u
memScoped{
val nativeResult = alloc<SecTrustResultTypeVar>()
nativeResult.value = result
SecTrustEvaluate(serverTrust!!, nativeResult.ptr)
}
val remoteCertificateData : NSData = SecCertificateCopyData(certificate) as NSData
val bundle = NSBundle.bundleForClass(objc_getRequiredClass("IosClientEngine"))
Logger.debug("pathToCert","$bundle")
val pathToCert = bundle.pathForResource("MyCertificate","cer")
val localCertificate : NSData = NSData.dataWithContentsOfFile(pathToCert!!)!!
if (localCertificate == remoteCertificateData) {
completionHandler(NSURLSessionAuthChallengeUseCredential,NSURLCredential.create(serverTrust))
} else {
completionHandler(NSURLSessionAuthChallengeUseCredential, null)
}
}
Issue Analytics
- State:
- Created 4 years ago
- Comments:24 (11 by maintainers)
Top Results From Across the Web
Securing iOS Applications with SSL Pinning - Medium
Secure Socket Layer (SSL) Pinning is the process of associating a host with its certificate or public key. Using Secure Socket Layer (SSL) ......
Read more >Identity Pinning: How to configure server certificates for your app
Your app can proactively provide a great experience by pinning the public keys of CAs, instead of servers. This way, you can deploy...
Read more >8 Different Ways to Bypass SSL Pinning in iOS application
SSL Pinning is a technique that we use on the client-side to avoid a man-in-the-middle attack by validating the server certificates. The ...
Read more >iOS SSL Pinning: How To Make Your iOS Apps More Secure?
SSL Pinning is a method used in Swift. A language used in the iOS platform to prevent dangerous security attacks by pinning trustworthy ......
Read more >Preventing Man-in-the-Middle Attacks in iOS with SSL Pinning
Types of SSL Certificate Pinning · Pin the certificate: You can download the server's certificate and bundle it into your app. At runtime,...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I recently had to tackle implementing iOS certificate pinning. Here is a blog post I just published detailing my solution. Feel free to use it to help you work out your solution. Hope it helps someone.
https://medium.com/@alistairsykes/kotlin-multiplatform-ios-certificate-pinning-fd1abba5ca8f
Sure, the latest EAP 22: https://ktor.io/eap/