Auticcat

Reputation: 4489

Implementing SSL pinning in a react-native application using TrustKit on iOS

I'm trying to implement SSL pinning in a react-native application (RN 0.60) and I'm using TrustKit.

Following the guide posted at https://github.com/datatheorem/TrustKit, these are the steps I've done:

1) Installed the TrustKit pod using pod 'TrustKit' and pod install

2) Added to my AppDelegate.m this piece of code:

#import <TrustKit/TrustKit.h>

// Inside application:didFinishLaunchingWithOptions:

NSDictionary *trustKitConfig =
  @{
    kTSKSwizzleNetworkDelegates: @YES,
    kTSKPinnedDomains: @{
        @"www.datatheorem.com" : @{
            kTSKEnforcePinning: @YES,
            kTSKIncludeSubdomains: @YES,
            // Using wrong hashes on purpose so that the connection fails
            kTSKPublicKeyHashes: @[
                @"Ca5gV6n7OVx4AxtEaIk8NI9qyKBTtKJjwqullb/v9hh=",
                @"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihh="
            ]
        }
    }
  };

[TrustKit initSharedInstanceWithConfiguration:trustKitConfig];

When I try to do

RNFetchBlob.fetch('GET', "https://www.datatheorem.com", {})  // tried using standard fetch() but it gives the same results
    .then(async (res) => {
        console.log('RES => ', res)
    })
    // Something went wrong:
    .catch((err) => {
        console.log('ERROR =>', err);
    })

It goes inside then, doesn't give any error and responds with a 200 status code (using wrong hashes).

On Android, on the other hand, it works correctly, going inside the catch and saying:

Error: Pin verification failed

Upvotes: 6

Views: 5373

Answers (2)

kam89

Reputation: 11

I have configured TrustKit in the Info.plist. Also I noticed that even if you only have one public key hash, you have to provide a dummy one as well for TrustKit to work in iOS apps.

Upvotes: 1

Auticcat

Reputation: 4489

So, I came back to this, tried it out again and got it working. The only difference between my current code and the one I posted some time ago is that I added kTSKPublicKeyAlgorithms : @[kTSKAlgorithmRsa2048] inside the specific pinned domain.

I've followed the same steps I posted in the question. The final AppDelegate looks like this.

Inside didFinishLaunchingWithOptions, before the return YES, I added:

  [self initTrustKit];

Then, after the enclosing parenthesis of didFinishLaunchingWithOptions, I added:

- (void)initTrustKit {
    NSDictionary *trustKitConfig =
      @{
        kTSKSwizzleNetworkDelegates: @YES,
        kTSKPinnedDomains: @{
            @"www.datatheorem.com" : @{
                kTSKEnforcePinning: @YES,
                kTSKIncludeSubdomains: @YES,
                kTSKPublicKeyHashes: @[
                    @"Ca5gV6n7OVx4AxtEaIk8NI9qyKBTtKJjwqullb/v9hh=",
                    @"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihh="
                ],
                // The line that was missing in the question: the algorithm of the pinned keys
                kTSKPublicKeyAlgorithms: @[kTSKAlgorithmRsa2048],
            },
        }};
    [TrustKit initSharedInstanceWithConfiguration:trustKitConfig];
}

Now it works on iOS, going into the catch and printing: ERROR => cancelled

Upvotes: 3
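As an added example (not TrustKit's own code, and not from either poster), here is a small Python validator that models the configuration requirements the two answers ran into: every pin must be a base64 SHA-256 digest, each domain needs at least two distinct pins (the "dummy" backup pin), and on TrustKit 1.x the kTSKPublicKeyAlgorithms list must be present. The dict keys and the two sample configs are constructed to mirror the Objective-C snippets above; the checks are assumptions modelled on TrustKit's documented behaviour, not its source.

```python
import base64
import re

# A 32-byte SHA-256 digest always base64-encodes to 43 characters plus one '='.
PIN_RE = re.compile(r"[A-Za-z0-9+/]{43}=")

# Dict keys named after the TrustKit constants used in the Objective-C config.
PINNED_DOMAINS = "kTSKPinnedDomains"
PUBLIC_KEY_HASHES = "kTSKPublicKeyHashes"
PUBLIC_KEY_ALGORITHMS = "kTSKPublicKeyAlgorithms"
ENFORCE_PINNING = "kTSKEnforcePinning"

def decode_pin(pin):
    """Return the raw 32-byte digest for a base64 SPKI pin, or None if malformed."""
    if not isinstance(pin, str) or not PIN_RE.fullmatch(pin):
        return None
    return base64.b64decode(pin)

def validate_config(config, require_algorithms=True):
    """Return a list of problems with a TrustKit-style config dict (empty = OK).

    Assumed checks, modelled on what TrustKit rejects at init: every pin is a
    base64 SHA-256 digest, each domain has at least two distinct pins (a backup
    pin), and under TrustKit 1.x kTSKPublicKeyAlgorithms is also present.
    """
    problems = []
    for domain, policy in (config.get(PINNED_DOMAINS) or {}).items():
        digests = set()
        for pin in policy.get(PUBLIC_KEY_HASHES) or []:
            raw = decode_pin(pin)
            if raw is None:
                problems.append(f"{domain}: pin {pin!r} is not a base64 SHA-256 digest")
            else:
                digests.add(raw)
        if len(digests) < 2:
            problems.append(f"{domain}: fewer than two distinct pins (no backup pin)")
        if require_algorithms and not policy.get(PUBLIC_KEY_ALGORITHMS):
            problems.append(f"{domain}: kTSKPublicKeyAlgorithms missing (TrustKit 1.x needs it)")
        if not policy.get(ENFORCE_PINNING):
            problems.append(f"{domain}: kTSKEnforcePinning is off, failures are only reported")
    return problems

# Constructed configs mirroring the question (no algorithms key) and the answer.
PINS = ["Ca5gV6n7OVx4AxtEaIk8NI9qyKBTtKJjwqullb/v9hh=",
        "YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihh="]
QUESTION_CONFIG = {PINNED_DOMAINS: {"www.datatheorem.com": {
    ENFORCE_PINNING: True, PUBLIC_KEY_HASHES: PINS}}}
ANSWER_CONFIG = {PINNED_DOMAINS: {"www.datatheorem.com": {
    ENFORCE_PINNING: True, PUBLIC_KEY_HASHES: PINS,
    PUBLIC_KEY_ALGORITHMS: ["kTSKAlgorithmRsa2048"]}}}
```

Running validate_config over QUESTION_CONFIG reports only the missing kTSKPublicKeyAlgorithms key, while ANSWER_CONFIG passes every check.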
