Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Certificate Pinning Verification #20

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Conversation

ShihabMehboob
Copy link
Contributor

Verify server certificates the user is connecting to. In relation to this issue: #19

@ShihabMehboob ShihabMehboob mentioned this pull request Feb 20, 2018
Copy link
Contributor

@ianpartridge ianpartridge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You seem to have changed all the spaces to tabs.

@codecov-io
Copy link

Codecov Report

Merging #20 into master will decrease coverage by 0.46%.
The diff coverage is 84.52%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #20      +/-   ##
==========================================
- Coverage   53.12%   52.65%   -0.47%     
==========================================
  Files           9        9              
  Lines         800      809       +9     
==========================================
+ Hits          425      426       +1     
- Misses        375      383       +8
Flag Coverage Δ
#SwiftyRequest 52.65% <84.52%> (-0.47%) ⬇️
Impacted Files Coverage Δ
Sources/SwiftyRequest/RestRequest.swift 59.17% <84.52%> (-0.97%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 82d49d1...9fc6da3. Read the comment docs.

@neurosaurus
Copy link

Hi there, any updates on this PR?

@ianpartridge
Copy link
Contributor

@ShihabMehboob ?

@ShihabMehboob
Copy link
Contributor Author

@ianpartridge This PR is ready for review/merging (two Travis tests appear to fail but all pass locally so could just be an anomaly).

Copy link
Contributor

@ianpartridge ianpartridge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments, plus there's no test yet.

Log.warning(warning)
fallthrough
}
if let certificateData = NSData(contentsOfFile: Bundle.main.path(forResource: self.pinnedCertificateName, ofType: "der") ?? "") {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we creating the NSData even if self.pinnedCertificateName is nil? Shouldn't we skip this whole section if it's nil?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a guard to ensure it's not nil.

completionHandler(.useCredential, URLCredential(trust: trust))
return
} else {
completionHandler(.performDefaultHandling, nil)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we return after this? Otherwise we'll call the completion handler twice.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

@ShihabMehboob
Copy link
Contributor Author

testGetSelfSignedCert() exists, which passes in containsSelfSignedCert: true to invoke the urlSession delegate with the URLAuthenticationChallenge and server trust.

@ianpartridge
Copy link
Contributor

Does it cover the certificate pinning though?

@@ -140,6 +140,7 @@ class SwiftyRequestTests: XCTestCase {
let expectation = self.expectation(description: "Data Echoed Back")

let request = RestRequest(method: .get, url: echoURLSecure, containsSelfSignedCert: true)
request.pinnedCertificateName = ""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please can we leave this test alone, add a new testPinnedCertificate() and test with a real pinned certificate? Or is that not possible?

@CLAassistant
Copy link

CLAassistant commented Sep 27, 2020

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 2 committers have signed the CLA.

❌ ianpartridge
❌ ShihabMehboob
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants