Pierre de LESPINAY

Reputation: 46188

AFNetworking pin public key for a trusted certificate

I use AFNetworking 2.3.1, I have a trusted certificate for which I'd like to pin the public key.

I have the crt, key, pfx files, so I imagine I have to add them into my bundle.

AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc]
    initWithRequest:request];
[operation setCompletionBlockWithSuccess:^(AFHTTPRequestOperation *operation,
        id responseObject) {
    NSLog(@"Success");
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
    return [self processError:[operation response]];
}];
[operation start];

Now how can I tell AFNetworking to use the AFSSLPinningModePublicKey mode?
(I don't see the setSSLPinningMode method from AFHTTPRequestOperation)

And how do I tell AFNetworking to use the added key? I can't find any example in the documentation.

Upvotes: 7

Views: 6059

Answers (2)

Meet

Reputation: 4934

AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];

/**** SSL Pinning ****/
AFSecurityPolicy *securityPolicy = [[AFSecurityPolicy alloc] init];
securityPolicy.SSLPinningMode = AFSSLPinningModePublicKey;
[manager setSecurityPolicy:securityPolicy];
/**** SSL Pinning ****/

[manager GET:WEBSITE_URL parameters:params
    success:^(AFHTTPRequestOperation *operation, NSDictionary* responseObject) {
    //..... beautiful code here
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
    //..... beautiful code here
}];

Hope this helps.

Check the link here: Also, refer to the AFNetworking documents.

Upvotes: 4

David Snabel-Caunt

Reputation: 58361

AFNetworking has an AFSecurityPolicy object that has values for security features, including the SSL pinning mode.

You can set the securityPolicy on an AFHTTPRequestOperation:

AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
operation.securityPolicy = securityPolicy;

Your certificate must have the extension cer, not crt, and should be in DER format. Add it to your bundle. You can convert it to the correct format in a terminal with the following command:

openssl x509 -in domain.crt -out domain.cer -outform der

You should not include keys in your app bundle, only the certificate is required.

Upvotes: 13
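
The conversion step and the keys-stay-out-of-the-bundle advice from the answer above, as an added example that is not part of the original posts. It uses a constructed throwaway key with the CN example.test, and the helper names (spki_sha256, is_bundle_safe, make_demo) are hypothetical. The SHA-256 fingerprint is only a convenient way to compare public keys by eye: a certificate reissued from the same key carries the same public key, which is what AFSSLPinningModePublicKey matches on.

```sh
#!/bin/sh
# Added example. The key, certificates and CN below are constructed test data.

# SHA-256 of the DER-encoded public key inside a DER certificate.
spki_sha256() {
    openssl x509 -inform der -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform der |
        openssl dgst -sha256 | awk '{print $NF}'
}

# True only for a DER certificate with no PEM text in it. PEM certificates
# and PEM private keys both contain "-----BEGIN", so both are rejected.
is_bundle_safe() {
    ! grep -q -e '-----BEGIN' "$1" &&
        openssl x509 -inform der -in "$1" -noout 2>/dev/null
}

# Create one key, issue a certificate and a "renewal" from that same key,
# then convert each .crt to .cer with the command from the answer.
make_demo() {
    openssl genrsa -out "$1/domain.key" 2048 2>/dev/null
    for name in domain renewed; do
        openssl req -new -x509 -key "$1/domain.key" -subj "/CN=example.test" \
            -days 30 -out "$1/$name.crt" 2>/dev/null
        openssl x509 -in "$1/$name.crt" -out "$1/$name.cer" -outform der
    done
}

tmp=$(mktemp -d)
make_demo "$tmp"
echo "domain.cer   $(spki_sha256 "$tmp/domain.cer")"
echo "renewed.cer  $(spki_sha256 "$tmp/renewed.cer")"
for f in domain.cer domain.crt domain.key; do
    if is_bundle_safe "$tmp/$f"; then
        echo "$f: DER certificate, fine to bundle"
    else
        echo "$f: keep out of the app bundle"
    fi
done
rm -rf "$tmp"
```

Running is_bundle_safe over every .cer file in the Xcode project before a release build catches a PEM file or a private key that was renamed to .cer by mistake.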
