Skip to content

Certificate Pinning Verification#20

Open
ShihabMehboob wants to merge 5 commits intomasterfrom
cert_pinning
Open

Certificate Pinning Verification#20
ShihabMehboob wants to merge 5 commits intomasterfrom
cert_pinning

Conversation

@ShihabMehboob
Copy link
Copy Markdown
Contributor

@ShihabMehboob ShihabMehboob commented Feb 20, 2018

Verify server certificates the user is connecting to. In relation to this issue: #19

@ShihabMehboob ShihabMehboob mentioned this pull request Feb 20, 2018
Closed
ianpartridge
ianpartridge requested changes Feb 20, 2018
View reviewed changes
Copy link
Copy Markdown

@ianpartridge ianpartridge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You seem to have changed all the spaces to tabs.

@codecov-io
Copy link
Copy Markdown

codecov-io commented Feb 21, 2018

Codecov Report

Merging #20 into master will decrease coverage by 0.46%.
The diff coverage is 84.52%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #20      +/-   ##
==========================================
- Coverage   53.12%   52.65%   -0.47%     
==========================================
  Files           9        9              
  Lines         800      809       +9     
==========================================
+ Hits          425      426       +1     
- Misses        375      383       +8
Flag Coverage Δ
#SwiftyRequest 52.65% <84.52%> (-0.47%) ⬇️
Impacted Files Coverage Δ
Sources/SwiftyRequest/RestRequest.swift 59.17% <84.52%> (-0.97%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 82d49d1...9fc6da3. Read the comment docs.

@neurosaurus
Copy link
Copy Markdown

neurosaurus commented Jul 5, 2018

Hi there, any updates on this PR?

@ianpartridge
Copy link
Copy Markdown

ianpartridge commented Jul 6, 2018

@ShihabMehboob ?

@ShihabMehboob
Copy link
Copy Markdown
Contributor Author

ShihabMehboob commented Jul 9, 2018

@ianpartridge This PR is ready for review/merging (two Travis tests appear to fail but all pass locally so could just be an anomaly).

ianpartridge
ianpartridge requested changes Jul 9, 2018
View reviewed changes
Copy link
Copy Markdown

@ianpartridge ianpartridge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments, plus there's no test yet.

Comment thread Sources/SwiftyRequest/RestRequest.swift Outdated
Log.warning(warning)
fallthrough
}
if let certificateData = NSData(contentsOfFile: Bundle.main.path(forResource: self.pinnedCertificateName, ofType: "der") ?? "") {
Copy link
Copy Markdown

@ianpartridge ianpartridge Jul 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we creating the NSData even if self.pinnedCertificateName is nil? Shouldn't we skip this whole section if it's nil?

Copy link
Copy Markdown
Contributor Author

@ShihabMehboob ShihabMehboob Jul 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a guard to ensure it's not nil.

Comment thread Sources/SwiftyRequest/RestRequest.swift
completionHandler(.useCredential, URLCredential(trust: trust))
return
} else {
completionHandler(.performDefaultHandling, nil)
Copy link
Copy Markdown

@ianpartridge ianpartridge Jul 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we return after this? Otherwise we'll call the completion handler twice.

Copy link
Copy Markdown
Contributor Author

@ShihabMehboob ShihabMehboob Jul 9, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

@ShihabMehboob
Copy link
Copy Markdown
Contributor Author

ShihabMehboob commented Jul 9, 2018

testGetSelfSignedCert() exists, which passes in containsSelfSignedCert: true to invoke the urlSession delegate with the URLAuthenticationChallenge and server trust.

@ianpartridge
Copy link
Copy Markdown

ianpartridge commented Jul 9, 2018

Does it cover the certificate pinning though?

ianpartridge
ianpartridge requested changes Jul 12, 2018
View reviewed changes
Comment thread Tests/SwiftyRequestTests/SwiftyRequestTests.swift
let expectation = self.expectation(description: "Data Echoed Back")

let request = RestRequest(method: .get, url: echoURLSecure, containsSelfSignedCert: true)
request.pinnedCertificateName = ""
Copy link
Copy Markdown

@ianpartridge ianpartridge Jul 12, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please can we leave this test alone, add a new testPinnedCertificate() and test with a real pinned certificate? Or is that not possible?

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Sep 27, 2020
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 2 committers have signed the CLA.

❌ ShihabMehboob
❌ ianpartridge
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ianpartridge ianpartridge ianpartridge requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ShihabMehboob @codecov-io @neurosaurus @ianpartridge @CLAassistant