nativescript-community / https

Secure HTTP client with SSL pinning for Nativescript - iOS/Android
https://nativescript-community.github.io/https/

Nativescript-https plugin issue #36

Open NickIliev opened 6 years ago

NickIliev commented 6 years ago

From @smartsanja2013 on August 23, 2018 10:36

It would be highly appreciated if someone could help me figure out this issue. I have tried for so many days, with different certs and different domain names. Nothing works.

I have to enable SSL pinning in my app, so I had to use the https://github.com/gethuman/nativescript-https plugin. I have followed the implementation steps correctly. But when I make the https request, the iOS app crashes in AFNetworking with an EXC_BAD_ACCESS error. I have added two NSLogs to the AFHTTPSessionManager class.


Output

Securitypolicy AFSSLPinningModePublicKey
baseURL scheme (null)

It seems something is wrong with setting the certificate and host in the Angular code. By right, Securitypolicy should be AFSSLPinningModeCertificate and the baseURL scheme should be https.

The Android app gives this error:

Https.request error javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Implementation details are as below.

reference.d.ts

/// <reference path="./node_modules/tns-core-modules/tns-core-modules.d.ts" />
/// <reference path="./node_modules/tns-platform-declarations/android.d.ts" />
/// <reference path="./node_modules/tns-platform-declarations/ios.d.ts" />

imports

import { File, Folder, knownFolders, path } from 'file-system'
import * as Https from 'nativescript-https'

in the constructor

let dir = knownFolders.currentApp().getFolder('certs')
let certificate = dir.getFile('httpbin.org.cer').path
Https.enableSSLPinning({ host: 'httpbin.org', certificate: certificate});

method

clickLogin() {
    Https.request({
        url: 'https://httpbin.org/get',
        method: 'GET',
        headers: {
            'content-type': 'application/json'
        },
    }).then(function(response) {
        console.log('Https.request response', response)
    }).catch(function(error) {
        console.error('Https.request error', error)
    })
}

tns version 4.0.1 node v6.11.5

Copied from original issue: NativeScript/NativeScript#6211

NickIliev commented 6 years ago

@smartsanja2013 the error log seems to be related to a known bug in the AFNetworking pod that is used in the iOS part of nativescript-https - the related issue is logged here

At this very moment, no solution is provided by the author of the pod - you could track the issue for any possible updates regarding this one and if a newer version of the pod is published you can re-pack the plugin to use the newer AFNetworking pod.

I've used this test app to reproduce the following error:

*** Terminating app due to uncaught exception 'Invalid Security Policy', reason: 'A security policy configured with `AFSSLPinningModePublicKey` can only be applied on a manager with a secure base URL (i.e. https)'

NickIliev commented 6 years ago

Possible solution:

@smartsanja2013 try to revert the version of the AFNetworking pod to a stable one, as suggested here

To achieve that, clone the nativescript-https repository and hardcode the pod version in platform/ios/Podfile to 3.1.0 (without using the tilde ~ - check this article for pod versioning specifics), and then do npm pack on the plugin source and use the newly packed plugin.
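
The difference between a tilde requirement and a hardcoded pod version, as an added example that is not part of the original thread or the plugin's code. It assumes CocoaPods requirements follow the RubyGems operators (so Ruby's built-in `Gem::Requirement` can evaluate them); the Podfile lines and the candidate version list are constructed for illustration.

```ruby
require 'rubygems'

# Constructed sample Podfile lines (not the plugin's actual Podfile).
FLOATING_PODFILE = "pod 'AFNetworking', '~> 3.1'\n"
PINNED_PODFILE   = "pod 'AFNetworking', '3.1.0'\n"

# Constructed list of versions a resolver might be offered.
CANDIDATES = %w[3.0.4 3.1.0 3.2.0 3.2.1 4.0.0].freeze

# Matches: pod 'Name'[, 'requirement'[, 'requirement' ...]]
POD_LINE = /^\s*pod\s+['"]([^'"]+)['"]((?:\s*,\s*['"][^'"]+['"])*)/

# For every pod line, report the parsed requirement, whether it pins one
# exact version, and which candidate versions it would accept.
def audit_podfile(text, candidates = CANDIDATES)
  text.each_line.filter_map do |line|
    m = POD_LINE.match(line) or next
    reqs = m[2].scan(/['"]([^'"]+)['"]/).flatten
    requirement = Gem::Requirement.new(*reqs) # no requirement means ">= 0"
    {
      name: m[1],
      requirement: requirement.to_s,
      exact: requirement.exact?,
      admits: candidates.select do |v|
        requirement.satisfied_by?(Gem::Version.new(v))
      end
    }
  end
end

# Names of pods whose requirement lets the resolver pick a different
# version than the one that was tested.
def floating_pods(text)
  audit_podfile(text).reject { |pod| pod[:exact] }.map { |pod| pod[:name] }
end

if __FILE__ == $PROGRAM_NAME
  [FLOATING_PODFILE, PINNED_PODFILE].each do |podfile|
    audit_podfile(podfile).each do |pod|
      state = pod[:exact] ? 'pinned' : 'floating'
      puts "#{pod[:name]} (#{pod[:requirement]}) #{state}: #{pod[:admits].join(', ')}"
    end
  end
end
```
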

ashokch8 commented 4 years ago

https accepts multiple certificates?

ashokch8 commented 4 years ago

@EddyVerbruggen Hi Eddy, https accepts multiple certificates to work with multiple servers?