GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → datatheorem → Trustkit

datatheorem / Trustkit

Licence: mit
Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.

Programming Languages

c
50402 projects - #5 most used programming language
objective c
16641 projects - #2 most used programming language

Labels

iosmacostvossslssl-pinningssl-reporting

Projects that are alternatives of or similar to Trustkit

Ssl Kill Switch2
Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
Stars: ✭ 2,420 (+44.22%)
Mutual labels:  ssl, ssl-pinning
GCXTrustPolicy
SSL pinning and trust validation framework for iOS
Stars: ✭ 21 (-98.75%)
Mutual labels:  ssl, ssl-pinning
Telegraph
Secure Web Server for iOS, tvOS and macOS
Stars: ✭ 474 (-71.75%)
Mutual labels:  tvos, ssl
Swiftyviper
Swift Interaction with VIPER Architecture
Stars: ✭ 110 (-93.44%)
Mutual labels:  tvos
Lemur
Repository for the Lemur Certificate Manager
Stars: ✭ 1,533 (-8.64%)
Mutual labels:  ssl
Mapbox Directions Swift
Traffic-aware directions and map matching in Swift on iOS, macOS, tvOS, watchOS, and Linux
Stars: ✭ 115 (-93.15%)
Mutual labels:  tvos
Sqift
Powerful Swift wrapper for SQLite
Stars: ✭ 119 (-92.91%)
Mutual labels:  tvos
Conbini
Publishers, operators, and subscribers to supplement Combine.
Stars: ✭ 109 (-93.5%)
Mutual labels:  tvos
Swiftui Kit
A SwiftUI system components and interactions demo app
Stars: ✭ 1,733 (+3.28%)
Mutual labels:  tvos
Tls Channel
A Java library that implements a ByteChannel interface over SSLEngine, enabling easy-to-use (socket-like) TLS for Java applications.
Stars: ✭ 113 (-93.27%)
Mutual labels:  ssl
Articles Zh Hans
Articles for NSHipster.cn
Stars: ✭ 113 (-93.27%)
Mutual labels:  tvos
X0
Xzero HTTP Application Server
Stars: ✭ 111 (-93.38%)
Mutual labels:  ssl
Mapboxgeocoder.swift
Address search and reverse geocoding in Swift or Objective-C on iOS, macOS, tvOS, and watchOS
Stars: ✭ 115 (-93.15%)
Mutual labels:  tvos
Diff
Simple diff library in pure Swift
Stars: ✭ 110 (-93.44%)
Mutual labels:  tvos
Surmagic
🚀 The better way to deal with Binary Frameworks on iOS, Mac Catalyst, tvOS, macOS, and watchOS. Create XCFrameworks with ease.
Stars: ✭ 119 (-92.91%)
Mutual labels:  tvos
Swift Sdk
LeanCloud Swift SDK
Stars: ✭ 110 (-93.44%)
Mutual labels:  tvos
Captagent
100% Open-Source Packet Capture Agent for HEP
Stars: ✭ 116 (-93.09%)
Mutual labels:  ssl
Ios Samples
Xamarin.iOS sample apps
Stars: ✭ 1,501 (-10.55%)
Mutual labels:  tvos
Lifesaver
Conway's Game of Life implemented as an artistic, abstract macOS screensaver and tvOS app using SpriteKit
Stars: ✭ 113 (-93.27%)
Mutual labels:  tvos
Fontawesome.swift
Use FontAwesome in your Swift projects
Stars: ✭ 1,513 (-9.83%)
Mutual labels:  tvos
View All Similar Projects ➔

TrustKit

Build Status Carthage compatible Version Status Platform License MIT Gitter chat

TrustKit is an open source framework that makes it easy to deploy SSL public key pinning and reporting in any iOS 12+, macOS 10.13+, tvOS 12+ or watchOS 4+ App; it supports both Swift and Objective-C Apps.

If you need SSL pinning/reporting in your Android App. we have also released TrustKit for Android at https://github.com/datatheorem/TrustKit-Android.

Overview

TrustKit provides the following features:

  • Simple API to configure an SSL pinning policy and enforce it within an App. The policy settings are heavily based on the HTTP Public Key Pinning specification.
  • Sane implementation by pinning the certificate's Subject Public Key Info, as opposed to the certificate itself or the public key bits.
  • Reporting mechanism to notify a server about pinning validation failures happening within the App, when an unexpected certificate chain is detected. This is similar to the report-uri directive described in the HPKP specification. The reporting mechanism can also be customized within the App by leveraging pin validation notifications sent by TrustKit.
  • Auto-pinning functionality by swizzling the App's NSURLConnection and NSURLSession delegates in order to automatically add pinning validation to the App's HTTPS connections; this allows deploying TrustKit without even modifying the App's source code.

Getting Started

Sample Usage

Deploying SSL pinning in the App requires initializing TrustKit with a pinning policy (domains, Subject Public Key Info hashes, and additional settings).

The policy can be configured within the App's Info.plist:

Info.plist policy

Alternatively, the pinning policy can be set programmatically:

    NSDictionary *trustKitConfig =
  @{
    kTSKSwizzleNetworkDelegates: @NO,
    kTSKPinnedDomains : @{
            @"www.datatheorem.com" : @{
                    kTSKExpirationDate: @"2017-12-01",
                    kTSKPublicKeyHashes : @[
                            @"HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY=",
                            @"0SDf3cRToyZJaMsoS17oF72VMavLxj/N7WBNasNuiR8="
                            ],
                    kTSKEnforcePinning : @NO,
                    },
            @"yahoo.com" : @{
                    kTSKPublicKeyHashes : @[
                            @"TQEtdMbmwFgYUifM4LDF+xgEtd0z69mPGmkp014d6ZY=",
                            @"rFjc3wG7lTZe43zeYTvPq8k4xdDEutCmIhI5dn4oCeE=",
                            ],
                    kTSKIncludeSubdomains : @YES
                    }
            }};
    
    [TrustKit initSharedInstanceWithConfiguration:trustKitConfig];

The policy can also be set programmatically in Swift Apps:

        let trustKitConfig = [
            kTSKSwizzleNetworkDelegates: false,
            kTSKPinnedDomains: [
                "yahoo.com": [
                    kTSKExpirationDate: "2017-12-01",
                    kTSKPublicKeyHashes: [
                        "JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=",
                        "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="
                    ],]]] as [String : Any]
        
        TrustKit.initSharedInstance(withConfiguration:trustKitConfig)

After TrustKit has been initialized, a TSKPinningValidator instance can be retrieved from the TrustKit singleton, and can be used to perform SSL pinning validation in the App's network delegates. For example in an NSURLSessionDelegate:

- (void)URLSession:(NSURLSession *)session 
              task:(NSURLSessionTask *)task 
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge 
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler {
{
    TSKPinningValidator *pinningValidator = [[TrustKit sharedInstance] pinningValidator];
    // Pass the authentication challenge to the validator; if the validation fails, the connection will be blocked
    if (![pinningValidator handleChallenge:challenge completionHandler:completionHandler])
    {
        // TrustKit did not handle this challenge: perhaps it was not for server trust
        // or the domain was not pinned. Fall back to the default behavior
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
    }
}

For more information, see the Getting Started guide.

Credits

TrustKit is a joint-effort between the mobile teams at Data Theorem and Yahoo. See AUTHORS for details.

License

TrustKit is released under the MIT license. See LICENSE for details.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].