Reputation: 13008
Does Cordova support certificate pinning on iOS?
Upvotes: 2
Views: 1802
Reputation: 13008
Cordova doesn't support certificate pinning, but it can be achieved using the Intel App Security API, which comes as a Cordova plugin.
Secure Transport send with pinned public key snippet:
    // TODO change server PK
    var publicKey = "-----BEGIN PUBLIC KEY-----\n" +
        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD99BcjGlZ+W988\n" +
        "bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDv\n" +
        "gOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5f\n" +
        "a9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs\n" +
        "0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9g\n" +
        "OeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk\n" +
        "+QIDAQAB\n" +
        "-----END PUBLIC KEY-----\n";
    // create the Transport Secure instance
    intel.security.secureTransport.open( {url: "https://software.intel.com/en-us/app-security-api/api", serverKey: publicKey} )
        // send the request
        .then (function (transportInstanceID) {
            // send the HTTPS request
            return intel.security.secureTransport.sendRequest( {instanceID: transportInstanceID, requestBody: "data to send"} );
        })
        // process the response
        .then (function(response) {
            // assign response HTTP status
            var responseHttpStatus = response.responseHttpStatus;
            // assign response body
            var responseBody = response.responseBody;
            // assign response header
            var responseHeader = response.responseHeader;
            // now we have the following items:
            // the response status in 'responseHttpStatus'
            // the response body in 'responseBody'
            // the response header in 'responseHeader'
            // we can use those in our code.
            doSomethingAfterReceiveWithKeyPinning(response);
        })
        .catch (function(error) {
            console.log("Fail, error code is: " + error.code + ", error message is: " + error.message);
        });
Source of the snippet is from the original documentation: https://software.intel.com/en-us/node/604523
Upvotes: 1
Reputation: 5647
Cordova doesn't, but like most functionality, it is possible to do using a plugin.
"Cordova / Phonegap plugin for communicating with HTTP servers. Allows for SSL pinning!" -- https://github.com/wymsee/cordova-HTTP
Like it says in the Cordova Security Guide, "...assuming your app is able to do all of its network requests using the plugin (i.e.: no traditional XHR/AJAX requests, etc)."
Upvotes: 1