datatheorem / TrustKit

Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.
MIT License

Alamofire 5 integration #286

Open Anandsetty opened 1 year ago

Anandsetty commented 1 year ago

In our application we used to follow the steps below for the integration:

```swift
import Alamofire
import TrustKit

class ApiManager: SessionDelegate {

    var sessionManager: SessionManager?

    override init() {
        super.init()
        initReachibility()
        sessionManager = SessionManager(configuration: URLSessionConfiguration.ephemeral, delegate: self)
    }

    override func urlSession(_ session: URLSession, task: URLSessionTask, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Call into TrustKit here to do pinning validation
        if TrustKit.sharedInstance().pinningValidator.handle(challenge, completionHandler: completionHandler) == false {
            // TrustKit did not handle this challenge: perhaps it was not for server trust
            // or the domain was not pinned. Fall back to the default behavior
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }

    func makeRequestAlamofire(route: URL, method: HTTPMethod, autherized: Bool, parameter: Parameters, header: [String: String], callback: @escaping (APIResult) -> Void) {
        // Pass the `header` parameter through as the request headers
        sessionManager?.request(route, method: method, parameters: parameter, encoding: JSONEncoding.default, headers: header)
            .validate(statusCode: 200..<300)
            .validate(contentType: ["application/json"])
            .responseData { response in
                // Pin validation result
                guard response.error == nil else {
                    // Display Error Alert
                    print("Result Pinning validation failed for \(route.absoluteString)\n\n\(response.error.debugDescription)")
                    return
                }
                switch response.result {
                case .success(let val):
                    print("Success")
                case .failure(let error):
                    print("Failed")
                }
            }
    }
}
```

Now in Alamofire 5 there is no SessionManager. Here I tried to initialise the session, but there is no interface to have the SessionDelegate delegate method so that we can implement the code below:

```swift
let session = Session(configuration: URLSessionConfiguration.ephemeral)

override func urlSession(_ session: URLSession, task: URLSessionTask, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    // Call into TrustKit here to do pinning validation
    if TrustKit.sharedInstance().pinningValidator.handle(challenge, completionHandler: completionHandler) == false {
        // TrustKit did not handle this challenge: perhaps it was not for server trust
        // or the domain was not pinned. Fall back to the default behavior
        completionHandler(.cancelAuthenticationChallenge, nil)
    }
}
```

Please let us know how to use TrustKit along with Alamofire 5.

artemelianov commented 1 year ago

Just use the ServerTrustEvaluating protocol and the evaluate method inside it. TrustKit has a pinningValidator.evaluateTrust method that can help you with it. With statuses domainNotPinned, shouldAllowConnection and default, just throw an error. This is it.
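
The approach from the reply above, sketched as an added example that is not part of the thread and not TrustKit's or Alamofire's own code. `PinningError`, `TrustKitEvaluator` and `makePinnedSession` are hypothetical names; the sketch assumes TrustKit was already initialised with its pin configuration at launch and that only `.shouldAllowConnection` lets a connection proceed.

```swift
import Alamofire
import Foundation
import TrustKit

/// Hypothetical error type for this example.
enum PinningError: Error {
    case blocked(host: String)
    case notPinned(host: String)
}

/// Hypothetical adapter from TrustKit's validator to Alamofire 5's
/// ServerTrustEvaluating protocol.
final class TrustKitEvaluator: ServerTrustEvaluating {
    func evaluate(_ trust: SecTrust, forHost host: String) throws {
        let decision = TrustKit.sharedInstance().pinningValidator
            .evaluateTrust(trust, forHostname: host)
        switch decision {
        case .shouldAllowConnection:
            return // TrustKit's policy for this host accepts the chain
        case .domainNotPinned:
            // Fail closed: every host routed to this evaluator must have pins.
            throw PinningError.notPinned(host: host)
        case .shouldBlockConnection:
            throw PinningError.blocked(host: host)
        @unknown default:
            throw PinningError.blocked(host: host)
        }
    }
}

/// Builds a Session whose server-trust challenges go through TrustKit.
/// `pinnedHosts` is assumed to list the same domains that are pinned in
/// the TrustKit configuration.
func makePinnedSession(pinnedHosts: [String]) -> Session {
    let evaluator = TrustKitEvaluator()
    var evaluators: [String: ServerTrustEvaluating] = [:]
    for host in pinnedHosts {
        evaluators[host] = evaluator
    }
    // allHostsMustBeEvaluated: true makes requests to any host without
    // an evaluator fail instead of silently skipping pinning.
    let manager = ServerTrustManager(allHostsMustBeEvaluated: true,
                                     evaluators: evaluators)
    return Session(configuration: URLSessionConfiguration.ephemeral,
                   serverTrustManager: manager)
}
```

Keep the returned `Session` alive for as long as requests are in flight, and list every pinned host explicitly, because `ServerTrustManager` looks evaluators up by exact host name.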